Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In April, three major supply chain campaigns hit npm, PyPI, and Docker Hub in just 48 hours, and while the ecosystems were different, the objective was the same: steal credentials from developer environments and CI/CD pipelines. The malware targeted API keys, cloud credentials, SSH keys, GitHub tokens, npm tokens, environment variables, and more, turning developer machines and build systems into high-value credential vaults for attackers.

The previous episode of the Adversary Universe podcast explored the “vuln-pocalypse” and the implications of advanced AI models accelerating vulnerability discovery and exploitation. Now, we’re diving into how companies are working together to face these evolving security risks. CrowdStrike Chief Business Officer Daniel Bernard spends much of his time talking with partners and customers about how to address their growing concerns: Is their business protected? Do they know which vulnerabilities are in their environment? What do they do about them?

The emergence of quantum computing has introduced a definitive expiration date for classical encryption, fueling a "harvest now, decrypt later" strategy among sophisticated nation-state actors. In this episode, Vince Stoffer joins Richard Bejtlich to demystify Post-Quantum Cryptography (PQC) and explain why organizations must move beyond a "set it and forget it" mentality regarding their encryption standards.

Mythos has elevated cybersecurity concerns, but it does not need to change the playbook completely.

A step-by-step tutorial for integrating Active Directory in your Sophos Firewall. The steps are shown in SFOS v21, so the steps and user interface may vary slightly in later versions. Ask questions and get expert answers in the Sophos Community.

A ransomware group called Warlock tore through more than 60 organisations in six months, targeting the nuclear energy, aerospace, and government sectors. They chain zero-days and neutralise antivirus software using signed Chinese drivers. This is how they operate and how the Sophos CTU tracked them across eleven incidents to expose their full playbook​

Stablecoin transaction volumes have hit $33 trillion. Hong Kong just issued its first stablecoin licenses. In this panel from Fintech Fireside Asia, leaders from Fireblocks, Coinbase, FOMO Pay, and AWS break down what's actually happening on the ground across APAC: real use cases, shifting risk models, and where institutional adoption goes next. Panelists: Dan Sleep, Head of Business Solutions, APAC, Fireblocks Hassan Ahmed, Country Director Singapore, Coinbase Zack Yang, Co-founder, FOMO Pay Naveen Gupta, Head of Business Development, Payments, APJ Leader, AWS.

Want to allow external users to edit shared Confluence pages securely? In this video, we walk you through the Page Edit feature in the miniOrange Secure Share app for Confluence Cloud, showing how to create a secure share link with edit permissions and how external recipients can edit page content directly from the shared link.

For many security teams, bug bounty programs are a double-edged sword: they provide critical insights automated tools miss, but they also introduce a massive operational burden due to free-form, unstructured, and noisy data. In this video, Kevin Swan, Sr Product Marketing Manager at Seemplicity, demonstrates how Seemplicity's Exposure Action Platform bridges the Triage Gap by transforming unstructured HackerOne findings into clear, trackable fixes. Learn how to move findings from a third-party platform into a remediation workflow without slowing down your engineering teams.

Is your security team drowning in a "WTF" moment? When vulnerability scanners return 45,000+ critical findings, manual workflows simply can't keep up. In this session, Megan Horner (Director of Product Marketing at Seemplicity) explores why traditional vulnerability management is failing in the age of AI-driven attacks. What you’ll learn: Stop treating remediation as a manual chore and start building an automated pipeline.