Today, we’re thrilled to announce Jit Tags, which organizes security risks across your environment by microservice, application, business unit, and other vectors, while providing a high-level risk overview of each component.

API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to achieve their malicious goals and they frequently automate their actions for maximum results.

A new survey of hackers shows that AI is not only empowering hackers to be more effective, but that AI itself is “ripe for exploitation.” Rarely do we get to ask a hacker “what do you think” when it comes to cyber attacks, cybersecurity efforts, and what they think the future will hold. But Bugcrowd’s 2024 Inside the Mind of a Hacker Report (which surveyed 1300 hackers) hosts a treasure trove of data around how hackers see AI and the value it brings.

The rapid adoption of cloud technologies and the increasing reliance on distributed workforces have transformed the modern business landscape. However, these shifts come with significant risks, particularly concerning the protection of sensitive data.

On November 20th, 2024, Zero Day Initiative (ZDI) researchers disclosed a critical flaw in 7-Zip. This widely used open-source file archiving software enables remote actors to perform remote code execution (RCE) on vulnerable 7-Zip versions. This vulnerability was originally discovered earlier this year and was reported to 7-Zip in June 2024.

When the tools in your security stack work together, it reduces administration overhead, lowers costs, and increases protection across your organization. That’s why we’ve spent the last year deepening our partnership and product integrations with AWS and other security providers in their ecosystem.

As cyber threats escalate in frequency and severity, IT and security teams face increased pressure to maintain transparency. With this in mind, the US Securities and Exchange Commission’s (SEC) Cyber Disclosure Rule, released on 26 July 2023, mandates timely and detailed public disclosures about cyber incidents.

Microsoft 365 (M365) has become the industry standard for business email platforms, allowing users access to a variety of interconnected productivity and communication applications. With data readily available across multiple applications within M365, threat actors are using a specific technique to exfiltrate data within a user’s M365 email account.