Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With 5+ vulnerabilities being discovered every minute, a SOC 2 (System and Organization Controls 2) compliance certificate demonstrates to customers and partners that the organization is committed to security and adheres to industry best practices for safeguarding data. Apart from customer trust, it can help organizations find and fix security vulnerabilities before attackers can exploit them.

One word defines success or failure in the race to adopt AI in security workflows: trust. While the industry moves fast toward automation and autonomy, adoption often stalls when developers and the teams supporting them can’t trust what the AI delivers. It’s not enough for a tool to explain what it did. Developers want to know: Did it actually fix the problem? Will this change break something else? Can I rely on it again next time? Nowhere is that skepticism more justified than in security.

Organizations today rely on an increasing number of applications installed on enterprise devices just to “keep the lights on” and business functioning. Being able to immediately access emails, files, communications, and web conferencing tools has never been more critical with the rise of remote and hybrid work.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from May about Scattered Spider, Lumma Stealer and more.

Logging and monitoring failures occur when security-relevant events are not properly captured, stored, or analyzed, making it difficult or impossible to detect ongoing attacks or respond effectively. These failures include missing logs, incomplete data, ineffective alerting mechanisms, insecure log storage, and inadequate retention policies. Such gaps are often exploited by attackers who rely on invisibility to move laterally across systems.

Cryptographic failures refer to the improper use, implementation, or management of cryptographic systems. These issues often result in unauthorized exposure of sensitive data like passwords, credit card numbers, or personal records. In the OWASP Top 10 – 2021, this category replaced the broader ‘sensitive data exposure’ from the 2017 list, with a sharper focus on the misuse or failure of cryptographic mechanisms.