Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Discover how SPICE, WIMSE, and SCITT are redefining workload identity, digital trust, and software supply chain integrity in modern machine-first environments.

Application security testing (AST) is the process of identifying and fixing security vulnerabilities in software applications. It ensures that applications are protected against threats such as unauthorized access, data breaches, and code manipulation. The application layer continues to be the most attacked and hardest to defend in the enterprise software stack.

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured.

The proliferation of Internet of Things (IoT) devices - more specifically, security cameras - has forced organizations to rethink how they protect their physical hardware. Security cameras represent some of the most common IoT devices installed in business and commercial environments. Recent estimates suggest the smart camera market is expected to grow at an astronomical rate, reaching a potential valuation of $12.71 billion by 2030, growing at a Compound Annual Growth Rate of 10%.

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.

For all the advancements in vulnerability remediation, one of the most fundamental challenges remains unsolved: knowing what to fix first. And according to the 2025 Remediation Operations Report, it’s still not where it needs to be. In fact, difficulty prioritizing vulnerabilities ranks as the third biggest challenge security teams face when managing vulnerabilities. That’s not just an operational inconvenience, it’s a signal that something core to the remediation process is broken.

In this week’s episode of The Future of Security Operations podcast, I'm joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale.

Digital Risk Protection (DRP) helps organizations identify, monitor, and protect against threats across their digital footprint. The goal is to catch risks on the open, deep, and dark web before they can be exploited, by aggregating threat intelligence from diverse external sources (social media, underground forums, code repositories, and paste sites). Organizations scan continuously for exposed credentials, brand impersonations, data leaks, and emerging malware campaigns.

Slack has become integral for many organizations, powering everything from internal to external communication and project workflows. But as adoption grows, so does risk. Hackers are increasingly targeting Slack as it often contains intellectual property, credentials, and valuable reconnaissance information. Sumo Logic Cloud SIEM now secures your Slack usage against insider and third-party threats by monitoring audit logs for suspicious activity to keep your company and its data protected.

Vibe coding is an approach to AI coding where artificial intelligence generates executable code from natural language prompts, which is then reviewed and refined by human developers to ensure accuracy and security.