Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

Trustwave's Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration. Based on current information, we confirm there has been no exposure or impact to us or our clients.

How to Bring Back Rancher Projects with CloudCasa

If you’ve ever worked with Rancher projects, you know they’re a handy way to group namespaces, manage RBAC, and keep your Kubernetes world a little less chaotic. But what happens if a project or its namespaces vanish? That’s where CloudCasa comes in. It makes restoring Rancher projects and their workloads surprisingly simple. Let’s break it down into the three main situations you might run into.

What Being Customer Recognized in The Forrester Wave: Static Application Security Testing Solutions, Q3 2025 Really Means

Our customers have been telling us for months: “You’ve made security simple.” Today, Forrester confirmed what our customers already knew. Mend.io has been recognized as a Strong Performer in The Forrester Wave: Static Application Security Testing Solutions, Q3 2025. In our first appearance in the evaluation, we earned top scores in Innovation and Triage. But the recognition that matters most? Being highlighted as a customer favorite.

1Password announces new integration with Zscaler

A new integration between 1Password Device Trust and Zscaler marks the first step in helping our shared customers implement Zero Trust practices. 1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust.

Guest Post: A CIO/CISO Perspective on Agile Security and the Modern DevOps in the Startup Era

Ori Asias, Progressive Senior VP, guides global IT transformations, fostering growth and positive cultures, leveraging a BSc in Industrial Engineering and pivotal roles in CIO, CISO, and DevOps. Security experts dedicated to shaping insightful editorial content, guiding developers and organizations toward secure cloud app development. Dive into a wealth of knowledge and experience in fortifying software integrity.

What You Need To Know About the NPM Supply Chain Attack

Aviram Shmueli is a distinguished cybersecurity and cloud computing expert with a background steeped in 8200 and the Israeli Ministry of Defense. He has over 20 years of hands-on and senior managerial experience in engineering and product management.

Yesterday, a critical supply chain attack impacting 18 widely used npm packages was disclosed. These packages collectively account for nearly 2 billion weekly downloads.

Snyk Named a Leader in the 2025 Forrester SAST Wave: SAST Solutions, Q3 2025

We’re excited to announce that Snyk has been recognized as a Leader in the Forrester Wave: Static Application Security Testing (SAST) Solutions, Q3 2025. This recognition affirms our place at the forefront of developer-first security — and highlights the innovation, customer impact, and platform breadth that continue to set us apart.

DORA Third Party Compliance: Essential Requirements for Financial Services

By James Rees, MD, Razorthorn Security

The Digital Operational Resilience Act (DORA) isn’t just another regulatory hurdle to clear. It’s fundamentally changing how financial institutions think about operational risk, particularly when it comes to the third party providers that now handle much of their critical technology infrastructure. DORA third party compliance has become a critical priority for EU financial institutions since the regulation came into force in January 2025.

Splunk Enterprise Security: Built to Empower Every SOC Analyst

Security analysts work on the front lines, responsible for protecting organizations every hour of the day from all threats. Our mission has always been to empower the SOC with end-to-end visibility to focus on what matters most and act with clarity, context and speed to resolve any attack.

Unauthenticated SSRF in Ditty WordPress Plugin (CVE-2025-8085)

A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted JSON payloads.