Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Here’s what you need to know about the progression of the Polyfill supply chain attack and how to respond.

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

In 2023 alone, there were over 3,200 reported cyberattacks, with over 350 million victims in the United States. That’s not to mention the undetected or failed attacks by these cybercriminals, both external and internal, to get access to sensitive data and customers’ Personal Identifiable Information (PII).

As developers, we often have to work with REST APIs when we integrate with third-party systems or connect between frontend and backend systems at work. APIs, and REST APIs in particular, are a fundamental part of modern web applications, allowing us to create, read, update, and delete data over HTTP. However, as with any technology, they come with their own set of security challenges. Let's break these challenges down and understand how to secure REST API applications.

Container security is crucial in the age of microservices and DevOps. Learn about common container vulnerabilities, container security scanning, and popular tools to secure your containers in this comprehensive guide.

The threat of phishing attacks looms larger than ever. The LA County Department of Public Health recently announced that 50 employees fell victim to phishing attacks, compromising sensitive patient data. These deceptive schemes have become a staple in the cyberthreat landscape, targeting individuals and businesses of all sizes. For every employee, understanding the signs and consequences of a phishing attack is crucial to safeguarding their organization.

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. “Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts,” the advisory states.

As workforce productivity increasingly depends on web-based applications, browsers have become essential gateways to the “connectivity economy.” According to recent data, 93% of desktop internet traffic in 2023 traversed through four popular web browsers.

In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library – which offers a text-to-SQL interface for users – where we discovered CVE-2024-5565, a remote code execution vulnerability via prompt injection techniques.