Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Cloudsmith introduces EPSS Scoring in Enterprise Policy Management (EPM)

Cloudsmith’s Enterprise Policy Management (EPM) now supports the Exploit Prediction Scoring System (EPSS), a data-driven metric designed to estimate the probability of a software vulnerability being exploited in the wild. Using EPM in Cloudsmith, you can now use a package’s EPSS score to inform your package workflows, including those around Package Promotion and Package Quarantine.

Calico Whisker, Your New Ally in Network Observability

With the upcoming release of Calico v3.30 on the horizon, we are excited to introduce Calico Whisker, a simple yet powerful User Interface (UI) designed to enhance network observability and policy debugging. If you’ve ever struggled to make sense of network flow logs or troubleshoot policies in a complex Kubernetes cluster, Whisker is your friend!

How DevSecOps Automation Should (and Will) Change Your DevOps Security Practices in 2025

Learn how to use automation to combat this year's emerging DevSecOps trends. The dream of DevSecOps has always been resilience. To focus on proactive strategies rather than reactive firefighting; to learn from failures and build something stronger and more flexible in their wake. DevSecOps adoption may have grown, but implementation remains uneven: Many teams struggle to align their security and development workflows into a cohesive system.

Understanding Zero Day Malware: The Invisible Threat

In today's rapidly evolving digital landscape, cybersecurity threats continue to grow in both sophistication and impact. Among these threats, zero day malware stands out as particularly dangerous because it exploits previously unknown vulnerabilities in software or hardware. These vulnerabilities, known as "zero day vulnerabilities," have not yet been patched by vendors, leaving systems completely exposed with no existing defenses. This creates a critical window of opportunity for attackers to compromise systems before security teams can respond.

Ending the IngressNightmare: How SUSE Secures Your Kubernetes Clusters from External and Internal Threats

In March 2025, Wiz researchers disclosed a set of critical vulnerabilities in the popular ingress-nginx controller for Kubernetes. Collectively referred to as IngressNightmare, these issues (CVE-2025-1097, CVE-2025-1098, CVE-2025-24513, CVE-2025-24514, and CVE-2025-1974) allow unauthenticated attackers to exploit the Ingress admission controller, potentially achieving remote code execution or escalating privileges in the cluster.

What is NIS2 Compliance? And How to Use Proactive Monitoring to Automate Compliance

NIS2 (Network and Information Security Directive 2) is the European Union’s updated cybersecurity directive, replacing the original NIS Directive (2016), often referenced to as NIS1. NIS2 was adopted in December 2022 and the deadline for implementation by EU member states was October 17, 2024. NIS2 strengthens cybersecurity requirements across essential and important sectors to enhance cyber resilience and response capabilities.

Effective Data Backup And Recovery Solutions For Your Small Business

For small businesses, maintaining data integrity is critical. The loss of essential files can lead to downtime, financial setbacks, and reputational damage. Unexpected events can erase years of work in seconds, leaving businesses scrambling to recover. Without a structured approach to data protection, retrieving lost information may be costly or even impossible. Read on to explore effective data backup and recovery solutions tailored to keep your small business secure and operational.
Sponsored Post

The Top 5 Security Logging Best Practices to Follow Now

Security logging is a critical part of modern cybersecurity, providing the foundation for detecting, analyzing, and responding to potential threats. As highlighted by OWASP, security logging and monitoring failures can lead to undetected security breaches. With the average cost of a data breach adding up to $4.45 million, most organizations can't afford to miss a security incident.

Securing Software Supply Chains: New Research Highlights Industry Vulnerabilities

New IDC study, co-sponsored by Canonical and Google Cloud, reveals the challenges and opportunities for organizations securing their software supply chains. Today, Canonical and Google Cloud released findings from a joint research project conducted by the International Data Corporation (IDC) that sheds light on the critical challenges organizations face in securing their software supply chains. The report, “The State of Software Supply Chains.