Vulnerability Management

Urgent: Zero-Day CVEs Found in Two Major Secrets Managers — Have You Updated Yet?

Today, my manager forwarded me this article about several zero-day CVEs discovered in CyberArk and HashiCorp products. After some time spent researching online, I confirmed that both brands have fixed these CVEs by releasing updated versions!! I’m not surprised that these two big corporations acted quickly and fixed the vulnerabilities; both are well-known and reliable! This event gave me an excuse to write this article and respond to one of the most common questions I get from my customers whenever I share news about a new release of a secrets manager: ...

The Critical Trio: Secrets Manager, Zero-CVE Images, and CNAPP are Needed (Not Only) for DORA Compliance!

With the Digital Operational Resilience Act (DORA) now in effect across the European Union as of January 17, 2025, financial institutions face unprecedented cybersecurity and operational resilience requirements. Successfully achieving DORA compliance demands a comprehensive security strategy that also includes the following three fundamental components: Robust secrets management Hardened container images with minimal vulnerabilities Unified cloud-native application protection platforms (CNAPPs) These technologies work synergistically to meet DORA’s stringent ICT risk management, asset identification, and third-party oversight mandates. ...

SIGHUP Secure Containers: how do you choose the oci base image for your workload?

I believe it’s important to start with a premise: In this article, I’ll talk about a product/service built and offered by my current employer, SIGHUP. No one from my company has asked me to publish this blog post here; these are my honest opinions about Secure Containers. Secure Containers is a paid service built by SIGHUP that provides secure, hardened, and updated container base images. Developers working with containers and images now enjoy several advantages compared to the past, such as standardization, automation, and faster release times. ...

How Is It Possible to Make Both Developers and Security Officers Happy? Try Snyk!

Being able to work safely in cybersecurity requires knowledge, attention to detail, and a solid portfolio of reliable software. One of the tools I have learned about and used in recent months is Snyk. Calling Snyk a “tool” isn’t quite accurate—it’s a security platform that offers a suite of tools capable of operating on any codebase, including: Code (SAST) Open Source (SCA) Containers Infrastructure as Code Cloud In recent years, the amount of code produced has grown exponentially. The availability of countless open-source libraries and containers has accelerated development, but how can we be sure that all these resources are secure? ...