Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Curious no claims on the attack, could that suggest an insider?

This blog explores exploitable vulnerabilities meaning by demystifying the concept and explaining what the phrase actually entails – both as a category and in the context of specific threats. Understanding which vulnerabilities can be actively exploited – and learning how to address them – is essential for any organization striving to stay secure.

At Vanta, our mission is to secure the internet and protect consumer data. The proliferation of AI has made this both more challenging—and more important—than ever before. In our ongoing mission to ensure we safely use AI and demonstrate trustworthy AI practices, we’re excited to announce that Vanta is the first trust management platform to achieve ISO 42001 certification from an ANAB-accredited 42001 assessor. ‍

In the race to scale digital platforms, security should never slow you down. Yet, many security solutions are often rigid, complex, and operationally intrusive. That’s why we built AppSentinels to deliver robust API protection without disrupting performance, processes, or peace of mind. From day one, AppSentinels was engineered with operational ease at its core—so security and DevOps teams can sleep easy, knowing their APIs are secured by design. Here’s how we do it.

The 2025 State of Detection Engineering at Elastic explores how we create, maintain, and assess our SIEM and EDR rulesets. Today, Elastic Security Labs is releasing the 2025 State of Detection Engineering at Elastic! This brand new report is the first of its kind — we’re pulling back the curtain on our Detection Engineering practices, going beyond the traditional survey-style State of Detection Engineering report.

ARMO researchers reveal a major blind spot in Linux runtime security tools caused by the io_uring interface—an asynchronous I/O mechanism that bypasses traditional system calls. Most tools, including Falco, Tetragon, and Microsoft Defender fail to detect rootkits using io_uring because they rely on syscall monitoring. ARMO’s proof-of-concept rootkit, Curing, operates fully via io_uring to demonstrate the threat.

Have you ever wondered how hackers breach your accounts even if they don’t know your password? It’s not just luck or guesswork; a dictionary attack is one of many methods cybercriminals use to crack passwords and break into your online accounts. Throughout this article, we will break down what a dictionary attack is, how it works, and the steps you can take to prevent threat actors from cracking your passwords and stealing your personal information.