Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today's world, data is king, but it's also a source of risk. Companies face a constant barrage of threats that can lead to devastating data loss. These include everything from simple hardware and software failures to natural disasters and major cyber attacks. The consequences of data loss can be severe, impacting revenue, operations, reputation, and legal compliance, so planning for these worst-case scenarios is an important part of an IT team’s playbook.

The security industry has reached a turning point with AI. It’s no longer just hype, as AI has now become a critical part of day-to-day cybersecurity operations. According to The Rise of AI-Powered Vulnerability Management, the latest report from Seemplicity and Dark Reading, 86% of security teams now use some form of AI in their security stack. More than half of respondents say AI is already crucial to their work.

In the constantly evolving world of cybersecurity, defense teams need all the resources they can get to keep up. Fortunately, the massive advances in generative AI present SOC teams with a powerful set of tools to optimize security practices and match even fully automated adversaries using natural language input. Microsoft Security Copilot is among the most advanced examples of these tools.

Containerization, a form of lightweight virtualization, lets applications inhabit their own self-contained environments. Each container packages everything an application needs to run – code, runtime, libraries – keeping it neatly separated from everything else. This isolation is a big deal because it means a problem in one container won’t bring down the whole environment.

Our Aikido Intel team has been identifying undisclosed open-source vulnerabilities using LLM-driven analysis and human verification. Now, we’re expanding our supply chain security research to detect and track malware in open-source packages, cheaper, better, & faster than what exists today.

On March 13th 2025, our malware analysis engine alerted us to a potential malicious package that was added to NPM. First indications suggested this would be a clear-cut case, however, when we started peeling back the layers things weren’t quite as they seemed. Here is a story about how sophisticated nation state actors can hide malware within packages.

Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista. FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under lingering FDCC compliance obligations.

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. It will also discuss potential approaches for improving API security posture.