Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recently, I received an email at work from a company with whom I've had previous interactions. The email lacked context and contained an attachment, immediately raising suspicion. I reported it to our infosec team using the Phish Alert Button (PAB). A short while later, our team confirmed it was indeed a malicious email. Subsequently, the sender organization informed us that they had been compromised, and phishing emails had been distributed from their account.

Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and blackbox cloud asset discovery, two capabilities that can leave exploitable vulnerabilities undetected. CNAPPs depend on APIs and deployment hooks to see what’s running.

As 9 out of 10 valuable web apps are missing testing, we’re launching new capabilities to help teams know what else, beyond core applications, is likely to require in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, bridging the gap between broad and deep testing across the entire attack surface.

A tremendous surge has been seen in the number of systems infected with different types of malicious software over the past few years. Among the various types viruses, worms, and Trojan horses are some of the most well-known. These are often used interchangeably, but the fact is each of these has distinct characteristics and behaviors. Here in this blog, we are going to explain the difference between viruses, Trojan Horses, and worms for effective cybersecurity measures. Let’s begin!

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Curious no claims on the attack, could that suggest an insider?

This blog explores exploitable vulnerabilities meaning by demystifying the concept and explaining what the phrase actually entails – both as a category and in the context of specific threats. Understanding which vulnerabilities can be actively exploited – and learning how to address them – is essential for any organization striving to stay secure.

At Vanta, our mission is to secure the internet and protect consumer data. The proliferation of AI has made this both more challenging—and more important—than ever before. In our ongoing mission to ensure we safely use AI and demonstrate trustworthy AI practices, we’re excited to announce that Vanta is the first trust management platform to achieve ISO 42001 certification from an ANAB-accredited 42001 assessor. ‍

In the race to scale digital platforms, security should never slow you down. Yet, many security solutions are often rigid, complex, and operationally intrusive. That’s why we built AppSentinels to deliver robust API protection without disrupting performance, processes, or peace of mind. From day one, AppSentinels was engineered with operational ease at its core—so security and DevOps teams can sleep easy, knowing their APIs are secured by design. Here’s how we do it.

The 2025 State of Detection Engineering at Elastic explores how we create, maintain, and assess our SIEM and EDR rulesets. Today, Elastic Security Labs is releasing the 2025 State of Detection Engineering at Elastic! This brand new report is the first of its kind — we’re pulling back the curtain on our Detection Engineering practices, going beyond the traditional survey-style State of Detection Engineering report.

ARMO researchers reveal a major blind spot in Linux runtime security tools caused by the io_uring interface—an asynchronous I/O mechanism that bypasses traditional system calls. Most tools, including Falco, Tetragon, and Microsoft Defender fail to detect rootkits using io_uring because they rely on syscall monitoring. ARMO’s proof-of-concept rootkit, Curing, operates fully via io_uring to demonstrate the threat.