Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stop Orchestrating Around Bad Detections

Security operations teams are drowning in telemetry. Rule-based detections still do the heavy lifting, but they often force you to choose between high noise and blind spots, especially when adversaries live off the land and blend into legitimate activity. Over the past year at BlueVoyant, we’ve been testing and deploying Microsoft’s User and Entity Behavioral Analytics (UEBA) capabilities across our customer base, and the results have been eye-opening.

Cato CTRL Insights: Governing Hermes Agent, Security for AI That Learns, Remembers, and Acts

Agentic AI is evolving from assistants that answer questions into systems that can remember, use tools, call APIs, interact with SaaS applications, and improve over time. Hermes Agent, developed by Nous Research, reflects this shift as a self-improving agent that can create skills, persist knowledge, and build context across sessions., reflects this shift as a self-improving agent that can create skills, persist knowledge, and build context across sessions.

Why Restricting AI Code Security Tools Is the Wrong Answer - and What AppSec Programs Actually Need

I signed the Free Fable letter at freefable.org. I want to explain why — and why the reasoning behind it matters for AI code security beyond any single AI model. Cybersecurity defenders are not just critics of technology. We are the builders and operators of the systems that keep real organizations running under pressure.

We wrote the docs

Most security vendors hide their documentation behind a login. Some don’t write it at all. You get a sales page, a demo, and a request to install an agent on your servers, and you’re expected to trust that the thing does what the marketing says. That’s backwards. So we wrote the docs, and we put all of them at certkit.io/docs. No login, no account gate, no “contact us for details.” You can read every page before you create an account.

The Howler Episode 31 - Trisha Farrow

This month, we sit down with Trisha Farrow, our Senior Vice President of People and Facilities. In this episode, Trisha Farrow shares the heart behind her leadership—why human connection, courage, and curiosity matter more than ever in a fast-changing world. From building inclusive cultures to navigating AI in HR, she offers a powerful perspective on what it really means to lead people, not just processes.

Inside CVE-2026-53435: Authenticated Deserialization to Full Controller Takeover in Jenkins via config.xml

How a low-privileged account turns an XML configuration upload into arbitrary file read, user impersonation, and remote code execution — and how to detect and stop it. Published 16 June 2026 · Fact-checked against the official project advisory and government vulnerability databases.