"I am only as secure as my weakest link – my weakest vendor," Extreme Networks CIO John Abel said.

This week was about cybersecurity -- avoiding vulnerabilities, learning more about them, or CISOs dealing with the consequences.

Security experts noted Bishop Fox’s findings reflect the overall trend of delayed patching and the need for easier and automatic patching processes.

For now, the vendor has not released any software updates to address this high-severity vulnerability in its Nexus 9000 fabric series switches.

The survey showed 90% of respondents consider the use of a single cloud security platform with one dashboard to be moderately to extremely helpful.

"We can't afford to maintain critical dependencies that could become a ‘weapon’ against our interests,” the European Union's Thierry Breton wrote.

Mandiant CTO Charles Carmakal warns any organization that used MOVEit in May 2023 could have potentially been exploited by the threat actor — CL0P.

The cloud provider announced the public preview of its new Amazon CodeGuru Security at this year’s AWS re:Inforce event.

Google Cloud security products increase efforts to combine AI and cybersecurity with several new and enhanced products and partnerships.

CrowdStrike President Michael Sentonas argues artificial intelligence alone cannot identify and respond to novel threats and attack tactics.

A majority of enterprise applications depend on hundreds of open source projects, but that software exists in a world with few guardrails.

Orca Security noted the top issues are “not the newest and most talked about,” so a focus on security basics is the best solution.

Dynatrace CEO Rick McConnell forecasts “the number of use cases that involve both observability and security is going to explode."

Attackers are having a field day with the Legion tool, with capabilities that allow them to steal cloud credentials and launch SMS based attacks.

To help understand and evaluate threats to the entire software supply chain, a consortium of cybersecurity professionals released the OSC&R. Today, the group announced that the framework is now

“We are hearing stories about network teams that year-round are constantly dealing with upgrade situations," BackBox's Chanoch Marmorstein said.

Cisco accelerates its cloud security expansion with the Lightspin acquisition, marking its second deal within two months.

Cloudflare's 2023 Application Security report reveals some surprising trends as attackers take aim at Microsoft Exchange.

“We see the organizations are still in their early stage when it comes to [work-from-anywhere] strategy and solutions," Fortinet's Peter Newton said.

Avaya went bankrupt again; layoffs revealed the truth about top tech companies' DE&I stance; and Trellix discovered Cisco vulnerabilities.

As enterprises are increasingly migrating to the cloud, adversaries are adding the cloud to their targeting repertoire to expand the impact of their intrusions,

A vendor survey found 48% of respondents cited ransomware as the top concern for IT organizations heading into 2023.

One of the bugs might serve as a potential hardware supply chain risk and persist across reboots and firmware upgrades.

Four out of five developers will rely on curated open source software by 2025, according to Google Cloud VP of Infrastructure Eric Brewer.