by Paul Ducklin DON’T LET ONE LOUSY EMAIL PASSWORD SINK THE COMPANY Microsoft’s tilt at the MP3 marketplace. Apple’s not-a-zero-day emergency....

by Paul Ducklin Java programmers love string interpolation features. If you’re not a coder, you’re probably confused by the word “interpolation” here, because it’s been borrowed as...

by Paul Ducklin Remember Log4Shell? It was a dangerous bug in a popular open-source Java programming toolkit called Log4j, short for “Logging for Java”, published by the...

Dive into the case for RASP to combat Log4Shell and why Web app firewalls aren't great for these types of attacks.

Invicti SCA enables users to track and secure open-source components to reduce security risk.

Unless you can gain full visibility into how data flows to and through your dependencies, you can’t be sure if you are affected by this vulnerability.

A "potentially destructive actor" aligned with the government of Iran is actively exploiting the well-known Log4j vulnerability to infect unpatched VMware Horizon servers with ransomware. Cybersecurity firm SentinelOne dubbed the group "TunnelVision" owing to their heavy reliance on tunneling tools, with overlaps in tactics observed to that of a broader group tracked under the moniker Phosphorus

Latest episode - listen and learn!

Organizations should focus on proactive, development-based approaches to security.

It's time for a reset with the board of directors. Very few have a dedicated, board-level cybersecurity committee, which means cybersecurity isn't viewed as a critical executive function.

Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.

Application Security Module unifies multicloud observability and advanced AIOps with real-time vulnerability management and defense.