Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With the announcement of Anthropic’s Claude 3.7 Sonnet model, we, as developers and cybersecurity practitioners, find ourselves wondering – is the new model any better at generating secure code? We commission the model to generate a classic CRUD application with the following prompt: The model generates several files of code in one artifact, which the user can manually copy and organize according to the file tree suggested by Claude alongside the main artifact.

As the adage goes, time is money, and nowhere does this ring more true than in an evolving threat landscape. The faster companies detect, respond, and recover from data breaches, the better for their pockets. Using AI and security automation to shorten the breach lifecycle has been shown to save $2.2 million more on average compared to not employing these technologies.

The latest version of the CIS Controls was released in June 2024. The new version, 8.1, introduces some minor updates via design principles. With these changes in design principles, CIS Controls v8.1 has made updates to the following: The most notable improvement for the CIS Controls v8.1 is the addition of “Governance” as a security function. CIS states, “Effective governance provides the structure needed to steer a cybersecurity program toward achieving their enterprise goals.”

Are you still running your package pipeline on default settings and grabbing libraries straight from public repos? Big yikes. That’s rolling out the red carpet for dependency confusion attacks to drop shady code into your project. It isn’t uncommon. Nearly half (49%) of organizations are exposed to the risks of a dependency confusion attack because they make the same mistakes. But what exactly is dependency confusion, and how do these attacks manage to infiltrate?

At Netacea we talk about protecting our customers from sophisticated attacks carried out by bots. But what does this actually mean? How do you know you’ve got a problem with sophisticated bot attacks? We go into a detailed explanation below but it’s worth remembering that there is a human adversary behind all automated attacks. Although somewhat autonomous once programmed, bots do not attack a target without human intervention.

API adoption has become a critical driver of digital transformation, fueling cloud migration, seamless integrations, and the monetization of data and functionality. This rapid expansion, however, has inadvertently created increasingly complex ecosystems that often outpace the security measures designed to protect them.

Trends observed by Kroll in Q4 confirm that 2024 was a year of fragmentation and fast-moving evolution for cyber threats, and they suggest that 2025 is likely to be similar. A key trend was the ongoing development of phishing techniques and approaches, as phishing’s continuation as a dominant method for initial access in 2024 illustrated. Aligning with trends from last year and previous years, professional services stands out as 2024’s most targeted sector.

Now that six in ten security leaders view AI as a “game changer” across all security functions and 85% of security professionals report increased AI investment and usage in the past year, it’s clear that AI is no longer a fringe technology in security operations. But the AI conversation has evolved recently as a new buzzword has taken over: agentic AI.

CrowdStrike is excited to announce the general availability of CrowdStrike Falcon Identity Protection for Microsoft Entra ID, unifying prevention, detection and response to identity-based attacks across hybrid environments. This builds on our existing protection for leading cloud-based identity providers, on-premises Active Directory, and SaaS applications.

CrowdStrike is thrilled to announce a collaboration with Oracle that will bring the unified, AI-powered protection of CrowdStrike Falcon Cloud Security support to Oracle Cloud Infrastructure (OCI). As OCI has become a strategic choice for organizations seeking enterprise-grade performance and security, this expansion improves the visibility and protection to defend against cloud-focused threats.