Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The year 2024 was full of incidents, hacker attacks, and security flaws that were used in the wild. Were there any incidents related to the Atlassian ecosystem? Outages? Security flaws? We’ve decided to analyze it. In comparison to the previous year, the number of incidents in Jira grew by 44%, and when we compare it to 2022 the percentage is even higher – 63% – in 2022 there were reported 59 incidents, in 2023 – 75, and in 2024 their number grew to 132 incidents.

Artifactory token leaks are not the most common, but they pose significant risks, exposing sensitive assets and enabling supply chain attacks. This article explores the dangers of leaked tokens and proposes mitigation strategies, including token scoping and implementing least privilege policies.

Every day, insurance companies manage vast amounts of sensitive data, including medical records, financial information, and personal identifiers—all of which are processed and stored across various services, applications, and cloud resources. The types of sensitive data that these companies collect has become more complex and nuanced, with varying requirements for protection.

Today, Arctic Wolf successfully completed the acquisition of BlackBerry’s Cylance endpoint security assets. With this acquisition, we are thrilled to welcome hundreds of new partners and thousands of customers to The Pack. Additionally, we are excited to welcome almost 400 new employees who will join Arctic Wolf offices around the globe.

How Corelight Open NDR secures cloud workloads beyond runtime security tools.

Cyber adversaries operate with one goal in mind—stealth. The longer they go undetected in an environment, the more damage they can cause. Dwell time is the total amount of time that a threat remains unnoticed in a system, from initial compromise to discovery. According to the most recent threat reports, the average dwell time for undetected breaches has reduced but remains at 10-15 days, providing attackers enough time to exfiltrate data, launch ransomware, or establish persistent access.

Imagine a sleek, high-tech sports car racing downhill without brakes. Now, imagine that car is actually the AI driving your business. Powerful yet precariously close to catastrophe. That’s why, as we accelerate AI adoption, including AI agents, we can’t afford to overlook security guardrails. This fact was front and center during the recent “large-scale cyberattack” on DeepSeek, a strategic open-source AI player from China that’s been disrupting the global AI space.

A quantitative approach to prompt tuning and LLM evaluation Elastic has long been developing machine learning (ML) and AI-powered security detections. We constantly bring in new technologies when available to help make our users’ lives easier. So, with the rise of generative AI (GenAI), we have developed even more Elastic Security features to use this powerful, new technology. Among those are.

A little over a year ago, the US SEC’s rules on cybersecurity incident disclosures were enacted, mandating that all publicly traded companies report material cyber events within four days after they had been determined as such unless exempted for national security or safety reasons. The rationale behind these rulings was that they would provide investors and relevant stakeholders with the information necessary to make more informed decisions, thereby leading to more realistically priced options.

Are you an SAQ A merchant figuring out if or how the PCI DSS 4 update applies to you? Let’s break it down in simple terms before you talk to your QSA and ISA.