Latest news with #AzureDevOps
Business Wire
22-05-2025
- Business
- Business Wire
Pixee Raises $15M to Automate Code Security to Meet the Velocity of GenAI-Enabled Developers
BALTIMORE--(BUSINESS WIRE)-- Pixee, the creator of innovative solutions that empower security teams to match the productivity of AI-powered development, announced today that it has raised $15M in seed funding. The round was led by Decibel and Wing VC, with participation from TEDCO, PrimeSet and strategic investors, including early GitHub engineer Zach Holman, HackerOne Founder and CTO Alex Rice, Oracle SVP of Cloud Operations Brian Chess, and more. The new capital will accelerate Pixee's product development and expansion of the go-to-market team, enabling the company to scale adoption among enterprises and capture the growing demand for its AI-powered solution. Early enterprise customers have seen substantial benefits from adopting Pixee, including recapturing 91% of developer remediation time and cutting security triage time by 74%. Automated code fixes achieve an impressive 76% merge rate. Pixee is the first enterprise-grade tool that uses agentic AI for context and logic alongside deterministic techniques, delivering both intelligent vulnerability triage and accurate, trusted fixes. It integrates directly into developer workflows, including GitHub, GitLab, Bitbucket, and Azure DevOps, creating pull requests with ready-to-accept code. Purpose-built for security-conscious enterprises, the on-premises deployment option keeps customers' sensitive data, intellectual property, and source code fully under the customer's control. This eliminates the risk of data leaks or exposure to unregulated AI tools, ensuring strong trust, security, and protection. 'Developers are more prolific today than ever before, especially those leveraging the latest genAI tools like Cursor, Claude Code & GitHub Co-pilot,' said Surag Patel, co-founder and CEO of Pixee. 'It's time application security teams are empowered with a platform that enables them to 10X their team and keep pace with their counterparts. By focusing on capabilities like automated, production-ready code fixes directly into developer workflows and automating expert automated triage for security, enterprises can now ship secure code at unprecedented velocity. Teams can trust that any vulnerabilities within code are being resolved faster than new ones can be introduced.' IDC projects that by 2027, 70% of corrective code fixes for application security issues will be generated by AI-assisted automated remediation tools, reducing the time to patch vulnerabilities to just days. The report also found that developers estimate spending 19% of their weekly hours on security-related tasks, often outside normal working hours. The average organization spends a whopping $28,100 per developer each year in security-related tasks. 'It's time Application Security teams have their 'Cursor' equivalent platform. Pixee is the first platform we've seen that truly changes the equation in security programs and enables them to keep up with the pace of developers. By natively weaving into the developer workflow and automating work that previously was a tax on developers and security teams, security gets done automatically. Instead of the same story of understaffed product security teams, we finally have a path to the enterprise dream,' said Dan Nguyen-Huu, Partner at Decibel. 'At the heart of Pixee is a powerful insight: genAI-fueled developer productivity and security can coexist without friction. By automating the complex tasks of resolving issues from product security scanners, Pixee allows developers and security teams to reclaim valuable time, driving innovation and delivering higher quality software, faster,' added Jake Flomenberg, Partner at Wing. Pixee was founded by industry veterans with decades of experience in security and developer enablement. Co-founder and CEO Surag Patel was the Chief Strategy Officer at Contrast Security, and held leadership roles at 41st Parameter (acquired by Experian), comScore, and InMobi. Co-founder and CTO Arshan Dabirsiaghi co-founded cybersecurity unicorn Contrast Security and is recognized as one of the world's most prominent application security experts. Together, they are building Pixee to redefine how security is managed in the development process. About Pixee, Inc. Pixee is the first enterprise-grade platform that automates the last mile of application security, from alerts to resolution. The company's technology integrates directly into developer workflows, using a combination of agentic AI and deterministic techniques to deliver trusted, automatic code fixes with an 87% merge rate. Founded by security industry veterans Surag Patel and Arshan Dabirsiaghi, Pixee is backed by Decibel, Wing VC, and strategic investors including early GitHub engineer Zach Holman and HackerOne Founder Alex Rice. For more information, visit
Forbes
09-05-2025
- Forbes
Microsoft Confirms Critical 10/10 Cloud Security Vulnerability
Microsoft confirms 10/10 Azure vulnerability. SOPA Images/LightRocket via Getty Images It's not often that a truly critical security vulnerability emerges that hits the maximum Common Vulnerability Scoring System severity rating of 10. This is one of those times. Microsoft has confirmed multiple vulnerabilities rated as critical and impacting core cloud services, one of which has reached the unwelcome heights of that 10/10 criticality rating. The good news is that none are known to have been exploited in the wild, none have already been publicly disclosed, and as a user, there's nothing you need to do to protect your environment. A total of four cloud security vulnerabilities have been confirmed by Microsoft, one of which hit the 10/10 rating, but two aren't a million miles short, both being given 9.9 ratings. The final vulnerability remains critical, with a CVSS severity rating of 9.1. Let's look at them in order of their criticality. CVE-2025-29813 Critical Rating: 10.0 Azure DevOps Elevation of Privilege Vulnerability Microsoft confirmed that this Azure DevOps pipeline token hijacking vulnerability is caused by an issue whereby Visual Studio improperly handles the pipeline job tokens, enabling an attacker to potentially extend their access to a project. 'To exploit this vulnerability,' Microsoft said, 'an attacker would first have to have access to the project and swap the short-term token for a long-term one.' CVE-2025-29972 Critical Rating: 9.9 Azure Storage Resource Provider Spoofing Vulnerability Microsoft said that this Azure server-side request forgery vulnerability could allow an authorized attacker to perform 'spoofing' over a network. In other words, a successful threat actor could exploit this vulnerability to distribute malicious requests that impersonate legitimate services and users. CVE-2025-29827 Critical Rating: 9.9 Azure Automation Elevation of Privilege Vulnerability Yet another Azure security vulnerability with an unbelievably high official severity rating of 9.9, this time enabling a successful hacker to elevate privileges across the network thanks to an improper authorization issue in Azure Automation. CVE-2025-47733 Critical Rating: 9.1 Microsoft Power Apps Information Disclosure Vulnerability Hooray, not Azure this time, and dropping on the criticality rating scale to a 9.1 as well. This vulnerability, as the name suggests, would allow an attacker to disclose information over the network. It's another server-side request forgery vulnerability but this time impacting Microsoft Power Apps. Here's the really good news among the bad critical vulnerability disclosure stuff: there is no patch to install, no updates to deploy, and no action required by the user at all. 'This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take,' Microsoft said with regard to each of the cloud security issues mentioned. That's because it comes under the remit of what the Microsoft Security Response Center refers to as a commitment to provide comprehensive vulnerability information to customers, by detailing cloud service CVEs once they have been patched internally. 'In the past,' Microsoft said, 'cloud service providers refrained from disclosing information about vulnerabilities found and resolved in cloud services, unless customer action was required.' With the value of full transparency now properly understood, all that has changed. 'We will issue CVEs for critical cloud service vulnerabilities,' Microsoft confirmed, 'regardless of whether customers need to install a patch or to take other actions to protect themselves.'
Business Insider
22-04-2025
- Business
- Business Insider
Exalate Launches Connector for Freshdesk, Bringing Seamless Escalations and Smarter Cross-Team Collaboration
Exalate, a leading integration platform, has officially launched its Exalate for Freshdesk connector -bringing powerful, AI-assisted two-way synchronization to the Freshworks ecosystem. Freshdesk users can now sync support tickets across development, IT, and operations teams without ever leaving their tool of choice. This connector enables teams to automate ticket flows between Freshdesk and platforms like Jira, Azure DevOps, ServiceNow, Salesforce, GitHub, Zendesk, and more-customized to fit each team's exact needs. "Customer issues don't follow org charts," said Francis Martens, CEO of Exalate. "They cut across tools, teams, and even companies. We built this connector to reflect how real collaboration works: flexible, fast, and secure. Our AI helps you set things up faster. But control stays in your hands." The release addresses a longstanding pain point in customer service workflows: the lack of flexible integrations between support tools and the systems used by development, IT, or operations teams. In many organizations, moving information between tools is still a manual process-prone to error and context loss. Exalate solves this by treating integration as a shared conversation, not a one-way relay. Exalate for Freshdesk allows teams to define what should be synchronized (comments, priorities, attachments, custom fields), when it should happen (via triggers), and how the sync behaves (via scripting). The system is decentralized, meaning each side of the connection controls its own rules, which is especially useful for cross-company collaboration or secure environments. AI suggestions assist with initial setup and ongoing maintenance, enabling teams to build and manage complex syncs more efficiently-reducing reliance on technical support and making it easier to scale integrations as business needs evolve. Filling a Gap in Freshdesk's Ecosystem While Freshdesk has native integrations and third-party connectors, many of them are limited to basic one-way data sharing or lack customization. Exalate's release positions itself at the intersection of flexibility and automation, appealing to teams with complex workflows or regulatory requirements. Use cases include: The release includes both freemium access for basic needs and enterprise-grade packages for advanced requirements. Implementation begins immediately through in-product purchasing, with AI guidance available throughout setup. About Exalate Exalate is a leading provider of integration solutions focused on enabling seamless collaboration across teams and organizations. Its unique decentralized architecture gives teams full control over their data exchanges while maintaining flexibility to adapt to various use cases. Exalate pr@ SOURCE: Exalate View the original press release on ACCESS Newswire
Yahoo
01-04-2025
- Business
- Yahoo
Quantive Offers Automated Migration Path for Microsoft Viva Goals Users Ahead of Sunset
DENVER, April 01, 2025--(BUSINESS WIRE)--With Microsoft officially sunsetting Viva Goals at the end of 2025, Quantive, a trusted Microsoft partner, is making it easy for organizations to transition without disruption. Quantive offers a powerful, flexible strategy execution platform that not only matches Viva Goals' capabilities—but goes beyond, with enhanced features for planning, tracking, and adapting strategic initiatives in real-time. To support a smooth transition, Quantive is providing: Fast, easy, and the only automated migration tool to move users, teams, and goals seamlessly in just a few clicks Deep integrations with Microsoft products, including Teams, Azure DevOps, PowerBI, Planner, Excel, and more—to keep workflows uninterrupted A familiar yet more robust experience, including AI-powered planning tools and customizable real-time progress dashboards Introductory pricing starting at just $6 per seat for the first year, matching with Viva Goals' lowest-tier pricing "As a long-standing Microsoft partner, we're committed to helping Viva Goals customers continue driving strategic alignment and execution," said Radoslav Georgiev, CEO at Quantive. "We're not just offering a replacement. We're offering an upgrade that works with the tools your teams already use." Learn more and start your migration today at: About Quantive Quantive is the strategy execution platform that helps organizations turn plans into results. From planning and goal setting to real-time execution and measurement, Quantive acts as the single source of truth for strategic initiatives. Trusted by companies worldwide, Quantive empowers business leaders to align teams, adapt to change, and achieve meaningful outcomes with confidence. Learn more at View source version on Contacts Media Contact: Jon White VP of Marketing Sign in to access your portfolio
