Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Federal Desktop Core Configuration (FDCC) was mandated by the US Office of Management and Budget (OMB) in 2007 and provides a set of security standards that must be adhered to by all federal workstations and laptops running Windows XP or Vista. FDCC evolved into the United States Government Configuration Baseline (USGCB) starting in 2010, although some agencies and contracts may still be under lingering FDCC compliance obligations.

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

Secrets aren't just in code. GitGuardian’s 2025 report shows major leaks in collaboration tools like Slack, Jira, and Confluence. Here’s what security teams need to know.

On March 13th 2025, our malware analysis engine alerted us to a potential malicious package that was added to NPM. First indications suggested this would be a clear-cut case, however, when we started peeling back the layers things weren’t quite as they seemed. Here is a story about how sophisticated nation state actors can hide malware within packages.

Containerization, a form of lightweight virtualization, lets applications inhabit their own self-contained environments. Each container packages everything an application needs to run – code, runtime, libraries – keeping it neatly separated from everything else. This isolation is a big deal because it means a problem in one container won’t bring down the whole environment.

In the constantly evolving world of cybersecurity, defense teams need all the resources they can get to keep up. Fortunately, the massive advances in generative AI present SOC teams with a powerful set of tools to optimize security practices and match even fully automated adversaries using natural language input. Microsoft Security Copilot is among the most advanced examples of these tools.

The security industry has reached a turning point with AI. It’s no longer just hype, as AI has now become a critical part of day-to-day cybersecurity operations. According to The Rise of AI-Powered Vulnerability Management, the latest report from Seemplicity and Dark Reading, 86% of security teams now use some form of AI in their security stack. More than half of respondents say AI is already crucial to their work.

In today's world, data is king, but it's also a source of risk. Companies face a constant barrage of threats that can lead to devastating data loss. These include everything from simple hardware and software failures to natural disasters and major cyber attacks. The consequences of data loss can be severe, impacting revenue, operations, reputation, and legal compliance, so planning for these worst-case scenarios is an important part of an IT team’s playbook.

We’re announcing that Syteca has successfully renewed its Cyber Essentials certification — a crucial step in ensuring our continued commitment to strong cybersecurity practices. We have once again confirmed that our company is 92% more resilient than organizations operating in the UK without the certification. As cyberattacks evolve, taking proactive security measures is crucial.

‍Continuous Threat Exposure Management (CTEM) tools are extremely business-savvy investments, particularly for large-scale enterprises that have broad business networks and harness hundreds of cloud-based solutions, offering a detailed, real-time view of an organization's cyber exposure.