Nucleus Webinar - Infrequent Risk Assessments
During a recent webinar, Enterprise Strategy Group Principal Analyst Tyler Shields shared details about how infrequently many organizations perform risk assessments.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Can Claude Opus 4.1 Improve My Code Security?
Anthropic just dropped Claude Opus 4.1, a major upgrade over Opus 4 for agentic tasks, real-world coding, and reasoning. In this episode, we put it through the same secure Node.js app challenge we’ve used for previous models, so you can see exactly how it stacks up!
MCP Server Management Options in VS Code
MCP Server Management Options in VS Code Check out the full video.
Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint 'ToolShell' Exploitation
The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share key findings from several observed intrusions across our monitored environments.
CVE-2025-53786: U.S. CISA Issues Emergency Directive for Post-Authentication Vulnerability in Microsoft Exchange Hybrid Configurations
On August 6, 2025, Microsoft disclosed a high-severity post-authentication vulnerability affecting on-premises Microsoft Exchange servers configured for hybrid-joined environments, tracked as CVE-2025-53786. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02, requiring federal agencies to patch the vulnerability by Monday, August 11.
Authenticated Scans: Uncover Risks Behind Login
Discover the power of authenticated scanning in uncovering hidden vulnerabilities. Unlike basic scans, authenticated scans log into your application with valid credentials to test deeper functionalities, detect misconfigurations, and identify security gaps inaccessible to unauthenticated methods.
Nucleus Webinar - Choosing the Right TEM Platform
Enterprise Strategy Group Principal Analyst Tyler Shields talks about the factors involved in choosing the right threat and exposure management platform.
Meeting the AI Mandates with Confidence: Why Federal Teams Trust Snyk
Federal agencies are moving fast to unlock AI's potential—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk. Security, trust, and transparency can’t be afterthoughts. They need to be part of the build and AI adoption process from day one. AI-driven development is exponentially increasing both code speed and code insecurity, as AI generates code with up to 40% more vulnerabilities than human developers.
CVE202554253 & CVE202554254 in Adobe Experience Manager Forms - What You Must Know
Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE) has suffered two critical vulnerabilities CVE‑2025‑54253 and CVE‑2025‑54254 disclosed in early August 2025. According to Adobe, both flaws carry public proof-of-concept (PoC) exploits, though there are no known in-the-wild attacks as of today.
You Can't Automate What You Don't Understand: Why Context Is the Missing Link in Exposure Management
In our recent webinar featuring Enterprise Strategy Group Principal Analyst, Tyler Shields, we discussed the widening gap between vulnerabilities organizations know about and what they can realistically fix. Most teams are swamped. Too much data, too many tools, and not enough people. Naturally, automation and AI come up as potential solutions. One comment from Tyler has stuck with me since watching and subsequently reviewing the webinar recording.