Ian Barker

Not all browser extensions are created equal, and just because one is available in a high-profile store doesn't mean it's safe. Stores may do simple verifications to check for obvious red flags, but it's not part of their workflow to investigate deeper indicators of suspicious or malicious behavior.

ExtensionPedia, a new database developed by LayerX, changes that by providing individuals and businesses with detailed risk analyses on over 200,000 extensions to distinguish between safe, risky and malicious tools.

Continue reading →

According to recent projections from Gartner, by 2028 90 percent of enterprise software engineers will use AI code assistants, up from less than 14 percent in early 2024. But relying on AI in development roles also introduces risks.

Snyk is launching a new AI-native agentic platform specifically built to secure and govern software development in the AI Era.

Continue reading →

The promise of GenAI is undeniable, it offers transformative potential to streamline workflows, boost efficiencies, and deliver competitive advantage. Yet, for many organizations, the journey to implement AI is far from straightforward.

Obstacles typically fall into three categories: strategic, technological, and operational. We spoke with Dorian Selz, CEO and co-founder of Squirro, to explore these obstacles in more detail, as well as looking at some of the biggest misconceptions enterprises have when starting their GenAI journey.

Continue reading →

A new report from Orchid Security shows nearly half of enterprise applications violate basic credential-handling guidance, with 44 percent undermining centralized identity provider (IdP) policies and 40 percent falling short of widely accepted identity-control standards.

Orchid analyzed authentication flows and authorization practices embedded deep within enterprise applications and finds clear-text credentials in nearly half. These are normally associated with alternative access flows, often for non-human accounts, but they also present an easy target for threat actors seeking entry or lateral movement.

Continue reading →

In recent years more and more organizations have been turning to the cloud for their IT requirements.

But with public, private and hybrid options to choose from the cloud landscape is complex. It's no surprise then that enterprises are increasingly leveraging MSPs to manage their public cloud deployments for them.

Continue reading →

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

Continue reading →

As Java marks its 30th anniversary on May 23rd, it's a powerful reminder that few technologies have had the longevity -- or the impact -- of a language first launched in 1995.

Today, Java continues to underpin much of modern software development, from cloud-native systems to enterprise-scale applications.

To mark this milestone, we caught up with Dewan Ahmed, principal developer advocate at Harness. Dewan, whose work focuses on empowering DevOps and engineering teams to deliver reliable, efficient, and secure software. He has seen first-hand just how much Java has changed over the past decade.

Continue reading →

Non-human identities (NHIs) -- such as service accounts, tokens, API keys, and workloads -- are exploding in volume, now outnumbering humans 50 to one, but they remain under-observed, under-protected, and dangerously over-privileged.

New data from identity security platform Silverfort shows 40 percent of cloud NHIs do not have an owner. These accounts are often excluded from proper lifecycle management, leaving them unobserved, unprotected, and open to abuse.

Continue reading →

Ignoring vulnerabilities and exposures may not seem like a good idea, but conventional strategies rely heavily on vulnerability severity (CVSS) and exploitability indicators (EPSS), which ignore whether vulnerabilities are exploitable or already mitigated by existing defenses in a specific organization.

More than 40,000 new CVEs were disclosed in 2024, of which 61 percent were labeled as high or critical, but they won't all be a risk to every business. A new tool from Picus Security allows security teams to verify the exploitability of vulnerabilities and determine which pose real-world risks based on their unique environments.

Continue reading →

New research shows that 30 percent of large enterprises have already made the strategic commitment to a sovereign AI and data platform, and 95 percent say it will be mission critical for them within the next three years.

The research by EDB interviewed more than 2,000 senior executives across 13 countries about how they are planning for the agentic AI world. The initial findings show that 30 enterprises a day are making strategic commitments to becoming sovereign AI and data platforms.

Continue reading →

A new report from CyCognito highlights critical security vulnerabilities across cloud-hosted material, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets.

Though uncommon, critical vulnerabilities (CVSS 9.0 or higher) have been detected on assets hosted by all cloud providers, with assets hosted by Azure showing a slightly higher percentage (0.07 percent) compared to assets hosted by AWS and Google Cloud (0.04 percent).

Continue reading →

Runtime AI defense platform Operant AI is launching Woodpecker, an open-source, automated red teaming engine, that isn't for the birds but aims to make advanced security testing accessible to organizations of all sizes.

As organizations increasingly adopt complex cloud-native applications and AI technologies, security vulnerabilities have become more sophisticated and challenging to detect. Woodpecker is designed to help organizations proactively detect and address security vulnerabilities across AI systems, Kubernetes environments, and APIs.

Continue reading →

Hybrid cloud infrastructure is under mounting strain from the growing influence of artificial intelligence, according to a new report.

The study, from observability specialist Gigamon, of over 1,000 global security and IT leaders, shows breach rates have surged to 55 percent during the past year, representing a 17 percent year-on-year rise, with AI-generated attacks emerging as a key driver of this growth.

Continue reading →

Use of generative AI is becoming more common, but this comes with a multitude of inherent risks, security and data privacy being the most immediate. Managing these risks may seem daunting, however, there is a path to navigate through them, but first you have to identify what they are.

We talked to Robert W. Taylor, Of Counsel with Carstens, Allen & Gourley, LLP to discuss how a failure to identify all the relevant risks can leave businesses open to to unexpected legal liabilities.

Continue reading →

Hardware authentication company Yubico is announcing the expanded availability of YubiKey as a Service to all countries in the European Union (EU). This allows organizations to be more agile and flexible in their adoption of phishing-resistant YubiKeys.

It's also announced the greater availability of YubiEnterprise Delivery across 117 new locations around the world. This makes it available 199 locations (175 countries and 24 territories) and more than doubles existing delivery coverage of YubiKeys to both office and remote users in a fast and turnkey way.

Continue reading →