Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

DORA Is Here - But Readiness Concerns Are Far from Over

For months, the impending Digital Operational Resilience Act (DORA) deadline has dominated boardroom discussions across the financial sector with its potential to reshape operational and regulatory practices. Now that DORA is officially in effect, attention has shifted to other matters, such as a new US presidential inauguration, AI, and fiscal concerns for 2025. Yet DORA should remain a major cause for concern as the regulation is now active and enforcement has begun. Given its likely strict enforcement, financial organisations and third parties must maintain focus on compliance to avoid major regulatory and operational risks.

Role-based access control: Your organization's defense against cyberthreats

In today’s world, cyberthreats are so prevalent that they expose both public and private organizations to data breaches. A single account with excessive privileges is enough for a hacker to infiltrate the entire organization. To protect your organization from such incidents, you can delegate permissions to users based on their roles and responsibilities. This is where role-based access control (RBAC) comes in.

Top tips: How not to let dark data become a silent threat to your organization

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we’ll explore a few ways to identify dark data and mitigate the risks it poses. Dark data is a threat to organizations. Despite efforts to prevent it, dark data inevitably makes its way into systems and is often left unaddressed.

WatchGuard Joins AWS ISV Accelerate Program and Announces Availability in AWS Marketplace

WatchGuard Technologies, a global leader in unified cybersecurity, today announced that it has joined theAmazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program, a co-sell program for AWS Partners that provides software solutions that run on or integrate with AWS. The program helps AWS Partners drive new business by directly connecting participating ISVs with the AWS Sales organisation.

Introducing the Ivanti ITSM & Protecto Partnership: Enabling Secure Data for AI Agents

Discover how Protecto secures data within Ivanti ITSM APIs to prevent data leaks, privacy violations, and compliance risks. In this video, we’ll show how Protecto acts as a data guardrail, ensuring that sensitive information like PII and PHI is identified, masked, and handled securely before it reaches AI agents. Participants: Amar Kanagaraj, Founder & CEO of Protecto Kalyan Vishnubhotla, Director of Strategic Partnerships, Ivanti.

Fake VS Code Extension on npm Spreads Multi-Stage Malware

In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware. This blog takes a closer look at how the malicious extension operates, its obfuscation techniques, and IOCs related to this incident.

2025 OWASP Top 10 for LLM Applications: A Quick Guide

Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside it.

How CISOs Can Build a Cybersecurity-First Culture

Creating an enterprise security-first culture is one of the most impactful things a CISO can do to protect their organization. Sure, high-tech solutions and fancy tools are important, but they are largely ineffective when staff are unable or unwilling to play their part in preventing, identifying, and reporting security incidents. However, in the quest to develop a positive cybersecurity culture, many Chief Information Security Officers (CISOs) inadvertently create a toxic environment.