Vulnerability management in the cloud is more challenging than ever. Security teams are drowning in vulnerability alerts, asked to deal with them quickly even as the list continues to expand. What they lack is a clear path to remediation. Legacy tools flood teams with critical alerts, while offering little guidance on which fixes will be most impactful. Vulnerability management isn’t just about identifying the biggest risks — it’s about taking decisive action.

Organizations benefit from the speed of the cloud, but with great power comes great responsibility. An inadvertent cloud misconfiguration can leave the door open to bad actors. While cloud configuration issues most often stem from human error or lack of awareness, they are unfortunately a leading cause of data breaches.

Identities have become one of the most common ways modern threat actors gain a foothold in the cloud. From stolen credentials to overly permissive roles and privilege escalation, attackers use a range of tactics to exploit identities and use them to launch devastating breaches. Once inside your environment, they can move laterally, exploit resources, or steal sensitive data, leaving security teams scrambling to contain the damage.

Since the Sysdig Threat Research Team (TRT) discovered LLMjacking in May 2024, we have continued to observe new insights into and applications for these attacks. Large language models (LLMs) are rapidly evolving and we are all still learning how best to use them, but in the same vein, attackers continue to evolve and grow their use cases for misuse.

In the early 2000s, one of the hardest choices many of us faced online was selecting our MySpace “Top 8” — the ultimate public display of friendship. Choosing which friends to feature required serious thought, some strategic prioritization, and let’s be honest — risking a few hurt feelings. I wonder if Tom still thinks about the impossible position he created for a generation of young internet users.

In the world of cloud-native applications, microservices and Kubernetes have become the backbone of modern software architecture. The scalability, flexibility, and orchestration capabilities provided by Kubernetes have revolutionized how applications are built and managed. However, like any powerful tool, Kubernetes introduces complexity, and with complexity comes risk — particularly in the form of security vulnerabilities.

One of the primary goals of information security is to protect data, which of course entails protecting the resources that store and provide access to that data. According to the NIST Cybersecurity Framework, organizations need to develop and implement the necessary protections to restrict or mitigate the effect of a possible cybersecurity incident. Security should be integrated right from the source of the cloud architecture design process.

There is nothing more exciting (or nerve-wracking) than sharing something you’ve created with the world. Over 25 years ago, we started working on Wireshark. For us, it has always been more than just a piece of software — it’s how we met, how we began our careers, and how we learned to solve problems that once seemed insurmountable.

The origins of Sysdig, Falco, and Wireshark can be traced back to one fundamental need: making sense of complex, real-time network traffic for better security and operational insights. Long before containers and cloud security became pressing concerns, Gerald Combs and Loris Degioanni, creators of Wireshark, were solving a different but related problem: how to capture and analyze packets to understand what was happening across networks.

After years in the technical writing trenches at industry giants like Cisco, Riverbed, and Akamai, I now lead the Sysdig Documentation team. I’m Shuba Subramaniam, and I’m passionate about creating content that truly helps people — whether they’re exploring Sysdig for the first time or troubleshooting a tricky issue at 2 a.m.