Ryan Naraine

New York

Editor at Large at SecurityWeek

Publisher at Security Conversations

🎧 Three Buddy Problem: https://t.co/ZGEyqy2h7g. ✍🏼 Writing: @securityweek 🗣️ Conference: @labscon_io

Featured in: Favicon

securityweek.com Favicon

medium.com Favicon

pcmag.com

zdnet.com

csmonitor.com Favicon

eweek.com

internetnews.com

Articles

Apple Patches Major Security Flaws in iOS, macOS Platforms

2 days ago | securityweek.com | Ryan Naraine

Apple on Monday pushed out patches for security vulnerabilities across the macOS, iPhone and iPad software stack, warning that code-execution bugs that could be triggered simply by opening a rigged image, video or website. The new iOS 18.5 update, rolled out alongside patches for iPadOS, covers critical bugs in AppleJPEG and CoreMedia with a major warning from Cupertino that attackers could craft malicious media files to run arbitrary code with the privileges of the targeted app.
New UK Framework Pressures Vendors on SBOMs, Patching and Default MFA

1 week ago | securityweek.com | Ryan Naraine

The UK government on Wednesday is moving to codify “secure-by-default” expectations for software makers with the rollout of a voluntary Software Security Code of Practice that sets a market baseline for how vendors build, ship and maintain business software.
White House Proposal Slashes Half-Billion from CISA Budget

1 week ago | securityweek.com | Ryan Naraine

The White House has signaled plans to cut the Cybersecurity and Infrastructure Security Agency’s (CISA) budget by $491 million on the grounds that the agency became a “censorship industrial complex” at the expense of cyber defense.
Tech Giants Propose Standard For End-of-Life Security Disclosures

2 weeks ago | securityweek.com | Ryan Naraine

A coalition of big tech vendors, including Cisco, Microsoft, Dell, IBM, Oracle, and Red Hat has published a draft ‘OpenEoX’ framework to standardise the way companies announce when products will stop receiving security patches or any other form of support.
JPMorgan Chase CISO Fires Warning Shot Ahead of RSA Conference

2 weeks ago | securityweek.com | Ryan Naraine

SAN FRANCISCO—The doors to the RSA Conference 2025 swing open here this week with two competing narratives.
Verizon DBIR Flags Major Patch Delays on VPNs, Edge Appliances

2 weeks ago | securityweek.com | Ryan Naraine

The latest Verizon Data Breach Investigations Report (DBIR) landed this week with a startling statistic about the security posture of perimeter gear: barely half of the zero‑days exploited last year in VPNs and internet‑facing appliances were fully patched, and it took a median 32 days to get there.
Chainguard Raises Hefty $356M Series D at $3.5 Billion Valuation

3 weeks ago | securityweek.com | Ryan Naraine

Chainguard, a start-up created by ex-Google software engineers to build and sell “hardened-by-default” open-source components, has raised $356 million in a Series D round led by Kleiner Perkins and IVP. The Kirkland, Wash. company said new investors Salesforce Ventures and Datadog Ventures joined the round. The cash infusion brings Chainguard’s total funding to about $612 million since its $5 million seed in 2021 and prices the company at $3.5 billion, according to a note from CEO Dan Lorenc.
Cloud Data Security Play Sentra Raises $50 Million Series B

3 weeks ago | securityweek.com | Ryan Naraine

Cloud data security startup Sentra on Tuesday announced $50 million in new investments from Key1 Capital, Bessemer Venture Partners, Zeev Ventures, Standard Investments, and Munich Re Ventures. The Series B pushes total funding past $100 million and positions the Israeli startup to expand engineering headcount and deepen features that keep sensitive data out of misconfigured AI workflows.
Microsoft Purges Dormant Azure Tenants, Rotates Keys to Prevent Repeat Nation-State Hack

3 weeks ago | securityweek.com | Ryan Naraine

Microsoft, touting what it calls “the largest cybersecurity engineering project in history,” says it has moved every Microsoft Account and Entra ID token‑signing key into hardware security modules or Azure confidential VMs with automatic rotation, an overhaul meant to block the key‑theft tactic that fueled an embarrassing nation‑state breach at Redmond.
North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature

3 weeks ago | securityweek.com | Ryan Naraine

North Korean cryptocurrency thieves are quietly repurposing a little‑known Zoom Remote collaboration feature to plant infostealer malware on the workstations of cryptocurrency traders and venture investors. According to separate advisories from the non‑profit Security Alliance (SEAL) and cybersecurity research firm Trail of Bits, Pyongyang hackers posing as VC investors have been caught sending phishing lures with Calendly links to Zoom meetings.