What Is a Supply Chain Attack?

A supply chain attack does not start with your firewall. It starts with someone else’s. Instead of targeting your company directly, a cyber attacker looks for weak spots in your organization’s supply chain. That could be a trusted third-party vendor, a widely used software supplier, or even an outdated package from an open-source code repository. Once they find an opening, they exploit security vulnerabilities to gain access to your systems without ever going through the front door.

Beyond the Perimeter: How NYDFS 23 NYCRR 500 Principles Apply to the Expanding API Attack Surface

For financial institutions in New York, the NYDFS Cybersecurity Regulation (23 NYCRR 500) is a vital mandate that requires a strong and comprehensive cybersecurity framework. This regulation outlines numerous requirements aimed at safeguarding customer data and maintaining the integrity of financial systems.

Top tips: AI is coming for your data...unless you act first!

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we’ll explore how to prevent our data from being used by AI. The internet remembers everything. The album you posted on Facebook seven years ago, the silly blog you published when you were in school, the memes you liked, the videos you viewed—everything is etched onto the internet. You may forget, but the internet remembers.

Why CI/CD Security Scanning Is Non-Negotiable in Modern DevSecOps

In the race to deliver software faster and more frequently, Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern DevOps workflows. But with this speed comes a critical trade-off — security. Integrating security checks into your CI/CD pipeline is no longer optional; it’s a necessity. This is where CI/CD security scanning steps in.

Relationships, Adaptability, & the Future of Business Technology Leadership

The future of business technology leadership is being reshaped daily by AI, cloud-native operations, decentralized decision-making, and rapidly shifting business demands. In this evolving landscape, titles matter less than mindset. Whether you’re a CIO, a VP of engineering, a security leader, or a digital transformation manager, the way you lead through technology is changing. What defines today’s most effective business technology leaders?

Human-Directed Threats: The New Frontline in Cybersecurity

A constantly shifting threat landscape has given rise to a new cyberattack vector, driven by two powerful forces: the rapid migration of data to the cloud and the fundamental change in how employees access and interact with that data. Today’s workforce expects the freedom to work and access information from any device—especially mobile devices, which have become integral to their professional and personal lives.

Security Bulletin: Magecart Skimming Campaign

Magecart is a long-running digital skimming threat attributed to multiple financially motivated cybercriminal groups specializing in the theft of payment card data from e-commerce websites. First identified in 2015, Magecart attacks have continuously evolved, leveraging compromised third-party services, supply chain vulnerabilities, and increasingly sophisticated obfuscation tactics to inject malicious JavaScript skimmers into checkout pages.

Phishing Kits Are Growing More Sophisticated; Focused on Bypassing MFA

Researchers at Cisco Talos warn that major phishing kits continue to incorporate features that allow them to bypass multi-factor authentication (MFA). Commodity phishing kits like Tycoon 2FA and Evilproxy achieve this by using reverse proxies to intercept traffic from the authentication process during a phishing attack.