Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why traditional black box testing is failing modern AppSec teams

Applications have long evolved from monolithic structures to complex, cloud-native architectures. This means that the tried-and-true methods we rely on are becoming dangerously outdated. For AppSec to keep pace, we must look beyond current tooling and revisit the very fundamentals of DAST – the automated discipline of black box testing.

One-Size-Fits-All Security Training Fits Nobody

Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel. Go see Metallica live. What do you want? Enter Sandman. Master of Puppets. The songs you know by heart. Play some deep cut from a B-side and watch 50,000 people suddenly become very interested in their phones. But go see your favourite comedian and the contract flips entirely. Tell me a joke I've heard before and I'll ask for my money back. The difference?

Phishing Campaign Uses Fake Party Invites to Deliver Remote Access Tools

A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, according to researchers at Symantec. “A highly active threat actor that specializes in using the ScreenConnect remote management and monitoring (RMM) software in its attacks has changed tactics and is now infecting its victims with multiple RMM tools, including LogMeIn Resolve and Naverisk,” Symantec says.

Black Friday: How to Protect Your Retail Clients from Ransomware

Black Friday is one of the most demanding seasons for the retail sector. Massive spikes in online traffic, aggressive promotions, and pressure to keep services available significantly increase the risk of an attack. Cybercriminals are aware of this and exploit the saturation to launch ransomware campaigns, phishing attempts, and supply chain attacks that aim to disrupt operations, steal sensitive data, and cause maximum impact.

FedRAMP IaaS vs PaaS vs SaaS - What's The Difference?

If you’ve browsed the FedRAMP marketplace in the interest of using a government-certified service, either as part of your own services or on behalf of an agency, you’ve likely seen the various -aaS designations. The “aaS” stands for “as a Service”, and it’s part of how modern internet services function. What are the different kinds of services, and how do they engage with FedRAMP? The differences can be important.

Goshen & Hancock Settle Meta Pixel Lawsuits: Healthcare Tracking Risk

Two Indiana healthcare providers, Goshen Health System and Hancock Regional Hospital, recently reached settlements tied to the use of website tracking technologies, including Meta Pixel. Neither organization admitted to any deliberate misconduct, emphasizing that the settlement is done to avoid the cost and disruption of continued litigation.

Retail Peak Season & Account Takeover Prevention: The 2025 Survival Guide

The retail sector approaches the 2025 peak holiday season facing a perfect storm. We are no longer contending with opportunistic human fraudsters or rudimentary scripts. We face a tidal wave of autonomous, generative AI-powered agents capable of mimicking human behavior. According to Ran Arad, a subject matter expert at Memcyco, we must view phishing, digital impersonation, and account takeover (ATO) as an interrelated lifecycle. Usually, a phishing attack provides the link to an impersonating site.

How to measure the ROI of penetration testing and cyber security investments

Cyber security is a critical business enabler. Proactive cyber security measures, such as penetration testing, threat monitoring, and staff training, reduce the likelihood of breaches and operational disruption. However, demonstrating the return on investment (ROI) of these initiatives can be difficult to quantify.

Don't Let AI Put Your Jira Data at Risk

Artificial Intelligence is everywhere nowadays. It helps teams to be more productive, but at the same time, it can threaten your critical project management data. The introduction of AI into Jira opened up new paths for attackers to exploit, new vulnerabilities coming up internally, and human errors. So, in this article, let’s speak about AI data loss in Jira and what measures to take to protect your sensitive data in Jira Cloud.

Why Automotive Manufacturers Are Switching to OEM Owned Key Management System

The automotive industry is undergoing a profound transformation. With vehicles now functioning as software-defined, connected platforms, manufacturers face unprecedented security challenges. From over-the-air (OTA) updates and telematics to ADAS, battery systems and mobility services, every vehicle today relies on digital identities and cryptographic trust. Historically, OEMs have relied heavily on Tier 1 suppliers to manage keys, certificates and firmware signing processes.