Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In cybersecurity, the ability to gather, analyze, and act on data determines how well an organization can anticipate threats, detect vulnerabilities, and respond to attacks. But not all intelligence is created equal. Knowing what data to collect, where to find it, and how to interpret it is what separates reactive security teams from proactive ones.

You wake up to an unusual notification—a new device logged into your work email account overnight. But it’s not yours.

Open Source Intelligence (OSINT) is the backbone of modern cybersecurity investigations, helping analysts and law enforcement uncover threats, assess risks, and gather intelligence from publicly available sources. In this guide, we break down everything you need to know about OSINT, from key frameworks and tools to how it's used in cybersecurity.

As AI becomes an increasingly critical component in the digital supply chain, tech buyers are struggling to appropriately measure and manage their AI risk. Keeping tabs on emerging risk from the AI technology they use is hard enough. But often the most crucial AI business functions that organizations depend upon aren’t directly under their control or care, but instead are governed by the tech vendors that embed them into their underlying software.

With increased reliance on the cloud and data being today’s digital currency, cybercrime has become a pervasive threat that impacts individuals, businesses, and governments alike. Understanding the various types of cybercrime is essential for developing effective strategies to protect against these malicious activities.

This article provides details on how Bitsight TRACE addressed CVE-2024-23897, an arbitrary file read vulnerability that affects Jenkins, a well-known open-source automation server. It includes technical details, common pitfalls, and decisions made since the CVE disclosure until now. The investigation of CVE-2024-23897 is an example of how we can obtain the target instance version but not solely rely on it to classify an instance as vulnerable. First, we go deep to understand the vulnerability.

The Sarbanes-Oxley Act (SOX), enacted in 2002, is a U.S. federal law established to enhance corporate governance and strengthen the accuracy and reliability of financial reporting for publicly traded companies. SOX aims to protect investors and the public by enforcing stringent reforms to improve financial disclosures and prevent corporate fraud.

It’s every security manager's worst nightmare. A member of the IT department reaches to alert that malicious software has been detected on an internal network, and the hacker potentially has access to layers of sensitive data.

A third-party data breach is a security incident where an organization's sensitive data is compromised or stolen due to a vulnerability or cyber attack on one of its third party vendors. This type of breach happens outside the primary organization's own IT infrastructure but still impacts them, as the third-party vendor, contractor, or service provider has access to their data.