Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
CVE-2024-55591: Fortinet FortiOS/FortiProxy Zero Day
In late November and December 2024, Arctic Wolf observed evidence of a mass compromise of Fortinet FortiGate. While the initial attack vector was unknown at the time, evidence of compromise (with new users and SSL profiles) was consistent across compromised devices. On January 14, Fortinet released a formal statement and patch. The vulnerability is an Authentication Bypass via crafted requests to Node.js websocket module and issued CVE-2024-55591. The CVSSv3 score is 9.6.
Seal Security and Snyk: Better Together
Watch the demo to discover how Seal Security and Snyk offer a unified, efficient solution for delivering open source security patches. See how their partnership ensures seamless, predictable remediation of open source vulnerabilities across both application code and container images.
Snyk Security Labs Testing Update: Cursor.com AI Code Editor
Snyk’s Security Labs team aims to find and help mitigate vulnerabilities in software used by developers around the world, with an overarching goal to improve the state of software security. We do this by targeting tools developers are using, including new and popular software solutions. With the meteoric rise in AI tooling – specifically the fast-growing field of AI-enabled development environments – we have been including such software in our research cycles.
Snyk Recognized as Trusted Partner and Innovator by JPMorganChase
Snyk is the trusted partner for financial services companies, empowering them to modernize application security while safeguarding critical infrastructure. Backed by industry leaders, we are committed to exceeding expectations, driving innovation, and redefining security for financial services. This is one of the reasons Snyk was recently inducted into JPMorgan Chase’s Hall of Innovation, for our central role in helping them to build the future of banking securely.
Demonstrating reduction of vulnerability classes: a key step in CISA's "Secure by Design" pledge
In today’s rapidly evolving digital landscape, securing software systems has never been more critical. Cyber threats continue to exploit systemic vulnerabilities in widely used technologies, leading to widespread damage and disruption. That said, the United States Cybersecurity and Infrastructure Agency (CISA) helped shape best practices for the technology industry with their Secure-by-Design pledge.
Your Client Requires NIS2 Vulnerability Patching. Now What?
TL;DR: The new EU cybersecurity directive, NIS2, is already reshaping how software suppliers do business through stricter vulnerability management requirements in procurement contracts. This shift is gaining momentum, and more companies will need to adapt. Aikido helps automate compliance reporting and vulnerability tracking to meet these new demands. Start your free compliance journey here, or read on to understand what this means for your business.
Everything you NEED to know about DevSecOps in 5 Minutes
In this video we will be diving deep into DevSecOps. We will learn what DevSecOps is, what the difference is between DevOps and DevSecOps and what the benefits are of DevSecOps. Stick around to find out how this practice transforms the way you build software.
How Attackers Exploit APIs for Rapid Data Breaches #Vulnerabilities #TechTrends #CyberThreats
Attackers now exploit APIs for rapid data breaches, taking advantage of a 96% rise in API-related vulnerabilities. Learn how realized risks (breaches) differ from unrealized risks (vulnerabilities) and why APIs are top targets. Stay informed on API security trends.
CISO predictions: What does 2025 hold for attack surface management (ASM)?
We’ve asked Outpost24’s CISO, Martin Jartelius, what 2025 is likely to hold for organizations using attack surface management (ASM) tools. Here’s what Martin had to say about what he predicts for ASM in 2025, as well as some thought on how the CISOs role might change.