SaaS applications have fundamentally transformed business operations by enabling on-demand user access to services and data via the internet from anywhere. Yet, despite countless benefits, SaaS in the enterprise is fraught with cybersecurity challenges.

CVE-2024-3094 is a critical backdoor vulnerability found in the XZ Utils open-source library. The vulnerability was caused by a malicious code injected into the library by one of the maintainers. The vulnerability allows remote attackers to execute any desired code on systems with exposed SSH packages.

In an age where manufacturers have decided that just about every device needs to be “smart,” it’s becoming difficult to avoid the data collection and privacy invasion that are often baked into these devices. We have come to expect that smart phones and speakers with built-in digital assistants are always listening, and data collection practices between companies can vary significantly.

The growth of Internet of Things (IoT) devices is reshaping our digital landscape. From smart thermostats to industrial sensors to IP cameras to smart toilets, these devices drive efficiency through innovation. But they aren’t secure by nature. A new UK law aims to make IoT products much more secure. On April 29, the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act became official and is now enforcing compliance across IoT assets.

The rapid advancements in large language models (LLMs) have revolutionized how we interact with technology, powering various applications for different use cases. As the adoption of LLM-powered solutions continues to grow, so does the emergence of new and evolving security threats that aim to exploit these robust AI systems.

Building, pre-training, and fine-tuning an AI model is no small task and you’ll naturally want to protect your efforts from theft, denial of service attacks, malicious use, and other threats. In this blog we’ll go over the basics of keeping AI models safe from both legal issues and bad actors.

Since our beginning, CyCognito has integrated AI techniques to power robust and accurate attack surface discovery and testing. And we’re also adding new capabilities all the time. In this post, we’ll share with you some of the tasks that CyCognito’s AI helps power or simplify, along with a primer of the various techniques we leverage.

When it comes to how employees get work done, personal devices are an ever-growing part of the equation. The 2023 Lookout State of Remote Work Security Report found that 92% of remote workers have performed work tasks on their personal mobile devices. While putting security controls on employer-owned devices is a no-brainer, the increasing overlap of personal with professional means that organizations need to think about how to secure employee-owned devices that are being used for work.