Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With an ever-increasing demand for additional security from today’s technology platforms, Microsoft is implementing several new measures to build a more robust ecosystem by default.

Digital sovereignty is not a talking point anymore. It is a real technical requirement. Governments, telcos, and regulated enterprises are building sovereign clouds on OpenStack to keep data under their jurisdiction. But what about the backups? If your sovereign cloud data protection solution uses a proprietary format, you have traded one lock-in for another.

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. “Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.

AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans. “According to Pindrop internal data, AI fraud (or non-live fraud) surged 1210% by December 2025,” the researchers write.

A Malicious NPM Package Hides Pulsar .NET Malware Inside PNG Images.

The cybersecurity landscape is in constant flux, shaped by emerging technologies, evolving threats, and increasing regulatory demands. As organisations strive to protect their digital ecosystems, the challenge isn’t just collecting data—it’s turning that data into actionable strategies that drive meaningful change. Next week, we’ll unveil the 16th edition of Veracode’s flagship State of Software Security (SoSS) report—a cornerstone of the cybersecurity calendar.

The latest findings from WatchGuard Technologies reveal a stark reality for managed service providers: cyber threats are not only increasing—they’re evolving faster than traditional defenses can keep up. In its newest Internet Security Report, WatchGuard identified a 1,548% spike in new, unique malware from Q3 to Q4 2025. Nearly one in four threats bypassed signature-based detection, highlighting a critical gap in reactive security models still used across many customer environments.

Security frameworks have always had a gap. They tell you to find vulnerabilities and fix them, but they’ve rarely provided a system to determine which ones actually matter before you tap into your most expensive resource: engineering time. CTEM changes the game by treating security as a continuous lifecycle rather than a series of silos.

Marketing needs to ship campaigns in hours. IT and engineering move in days. Tag managers live at the center of that conflict. They’re essential infrastructure, enabling marketing velocity by letting marketing teams deploy analytics, advertising pixels, and conversion tracking without IT or production bottlenecks. So campaigns launch faster, testing happens in real time, and teams optimize performance mid-campaign. But that same architecture can create compliance exposure.

If you have a consent banner, a Do Not Sell link, and a preferences database logging every opt-out, you’re CCPA compliant, right? Not really. In July 2025, Healthline Media settled with the California Attorney General for $1.55 million. That’s one of the largest CCPA fines to date. They had opt-out forms. They had GPC support. They had a preference database. Yet, after users exercised all three, investigators found that 118 cookies were still active and 82 tracking tags were still operating.