Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How to Map AI Risk to Existing Compliance Frameworks
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
AI Without Guardrails Is Like an Employee Without Training #ai #aisecurity #github
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
How Reach Fixes Microsoft Defender for Office 365 Configuration Drift
Microsoft Defender for Office 365 is powerful out of the box. The problem? Configurations drift. IT teams make changes the security team doesn't know about. Anti-phishing policies weaken. Safe Links gaps open up. And AI-powered attackers are finding those openings faster than any team can manually catch them. Reach analyzes your Microsoft Defender for Office 365 controls, activates underutilized capabilities, remediates misconfigurations, and keeps your deployment aligned to your security baseline continuously.
Why Endpoints are Still a Data Security Problem in the Age of AI
After decades of innovation in personal technology, ranging from watches that track personal fitness, mini super-computers that we call phones, and a whole host of other gadgets and self-help technologies, our companies still rely on one technology that started over 45 years ago – the laptop. Fun fact: the first one, called the Osborne 1, weighed 24 pounds! The modern laptop has a better screen, longer battery life, and weighs significantly less, but at its core is still a hard drive.
The Brutal Truth for CISOs Scared of AI
If one new model sends the whole security team into panic, the real problem is often weak architecture, weak monitoring and weak preparedness. Defence in depth, patching, incident response and proper visibility still matter more than fear of the latest AI announcement.
Code Orange: Fail Small is complete. The result is a stronger Cloudflare network
Over the past two and a bit quarters, we've undertaken an intensive engineering effort, internally code-named "Code Orange: Fail Small", focused on making Cloudflare's infrastructure more resilient, secure, and reliable for every customer. Earlier this month, the Cloudflare team finished this work.
Why CPU Cache Is Like a Scratchpad (and Memory Is a Bookshelf)
How does your computer actually find data? JQ Lau from Cloudflare's hardware team explains the difference between CPU cache and memory with a simple analogy — and why it matters when you're designing servers for millions of requests.
AI-SPM for Healthcare: HIPAA-Compliant AI Posture Management
A healthcare CISO opens her AI-SPM dashboard at the start of the quarter. Every clinical AI agent in the cluster reads green: full AI-BOM coverage, every permission scope reconciled, the HIPAA compliance tag clean across the fleet. The ambient scribe, the prior-authorization assistant, the oncology decision support agent — all monitored, all green, all the way through. Six months later, the Office for Civil Rights opens an investigation.
AI Threat Detection for Healthcare: Protecting Patient Data from AI-Mediated Attacks
For six weeks, a mid-size hospital system’s CDS agent issued recommendations biased by a poisoned guideline summary. No detection alert fired. The drift — denial recommendations in cases sharing one specific clinical attribute — traced back to a guideline an outside contributor had quietly reweighted in editorial review. Every existing detection stack reported green. DLP: no PHI left the cluster. EHR audit log: agent reading and writing within scope. Network egress: normal traffic.