Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Golf can be an incredibly frustrating game to play. The great Winston Churchill described golf as "a game whose aim is to hit a very small ball into an even smaller hole, with weapons singularly ill-designed for the purpose.” Interestingly, cybersecurity professionals face the exact opposite problem.

LABYRINTH CHOLLIMA is among the most prolific DPRK-nexus adversaries that CrowdStrike Intelligence tracks and is responsible for some of North Korea’s most notable intrusions including destructive attacks against South Korean and U.S. entities, and the global WannaCry ransomware incident.

Software development has entered a new era. Applications are built and deployed faster than ever, powered by cloud-native architectures, open-source software, and AI-assisted development. But this speed has introduced a new challenge: a dramatically expanded attack surface and a fragmented security model that struggles to keep up.

The Internet woke up this week to a flood of people buying Mac minis to run Moltbot (formerly Clawdbot), an open-source, self-hosted AI agent designed to act as a personal assistant. Moltbot runs in the background on a user's own hardware, has a sizable and growing list of integrations for chat applications, AI models, and other popular tools, and can be controlled remotely. Moltbot can help you with your finances, social media, organize your day — all through your favorite messaging app.

In cybersecurity, we live by our metrics. We measure Mean Time to Respond (MTTR), Dwell Time, and Patch Cadence. These numbers indicate to the Board how quickly we respond when issues arise. But in the era of Agentic AI, reaction speed is no longer enough. When an AI Agent or an MCP server is compromised, data exfiltration happens in milliseconds rather than days. If you are waiting for an incident to measure your success, you have already lost.

Legacy DLP operates on a fundamental constraint: it identifies sensitive data by matching patterns. Credit card numbers follow the Luhn algorithm. Social Security numbers conform to a nine-digit format. API keys match specific string patterns. This approach works for structured data, but it fails to address a critical reality: Your most sensitive assets aren't numbers. They're documents.

One of my first intentional “to-dos” this year has been spending time with the World Economic Forum’s Global Cybersecurity Outlook 2026, a report I was privileged to actively contribute to over the past year. For KnowBe4 customers, this report offers more than trend analysis. It provides a baseline of where organizations stand today, what separates resilient organizations from less resilient ones, and why the human factor is now central to cyber resilience.

In Pac-Man, ghosts seem pretty easy to dodge. You’re clearing the maze, racking up points, three more pellets away from leveling up. Then, out of nowhere, they close in and cut off all hope of escape. Womp womp. Game over. In today’s enterprise environments, “ghost” or orphaned accounts represent a similar hidden risk. They appear low-impact, lingering in forgotten corners of the IT maze.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Are you one of the “20%”?

Early 2026, Moltbot a new AI personal assistant went viral. GitGuardian detected 200+ leaked secrets related to it, including from healthcare and fintech companies. Our contribution to Moltbot: a skill that turns secret scanning into a conversational prompt, letting users ask "is this safe?".