Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For decades, cybersecurity has been organized around three dominant pillars: endpoint security, network security, and cloud security. These domains have shaped technology categories, vendor ecosystems, and enterprise budgets. They have matured into multi-billion-dollar markets, each responding to successive waves of digital transformation. However, a tectonic shift is underway.

We've previously addressed the foundational problems of visibility and automated human risk management. However, the final, most enduring challenge remains: how do you address the human element that lies at the core of human cybersecurity risk? Now more than ever, users are prime targets for attackers, but the traditional playbook offers little more than check-the-box training (which is often easily forgotten).

Defining success looks different for security organizations than it does for product, infrastructure, and other engineering teams. The latter group can often point to tangible outcomes, such as newly shipped features or performance improvements. Security orgs succeed when risks are lowered and the company’s posture improves over time, which are results that aren’t as easy to recognize but still valuable.

During a recent investigation into AMOS InfoStealer, Kroll Threat Intelligence Team has discovered a troubling new delivery vector that leverages the growing trust users place in AI tools. In this case, attackers leveraged ChatGPT as the source of guidance, tricking victims into initiating the infection, presenting it as a legitimate solution to a common technical problem. Victims were tricked into believing they were running a harmless command to fix a sound issue on their Mac device.

Privileged Access Management (PAM) is your organization's security control center for managing and monitoring high-level access to critical systems. Think of it as a sophisticated vault system that safeguards your most powerful administrative credentials while maintaining detailed audit trails of their usage. As we head into 2026, PAM has become crucial. Here's why: Cyberattacks are getting scarier and more complicated.

As the flurry of excitement over fresh AI innovation begins to fade, risk leaders, heads of GRC and CISOs have a new challenge to tackle. Regulators, customers, and boards are all asking harder questions about how AI is used, secured, and audited. For CISOs, AI governance is now a board-level expectation. Some organizations will be able to confidently show their measured and documented approach to AI governance.

As we look back at 2025 and onward, there are five cyber threats that stand out as the most pressing for small businesses. No single solution eliminates cyber risk. The most effective strategy for small businesses is to combine multiple layers of defense. Endpoint security, email filtering, secure backups, and continuous education together create a much stronger posture than any one tool can provide on its own.

Online abuse is now a major part of gender based violence. Many survivors experience harassment, stalking, threats or image based abuse through social media, messaging apps and other digital platforms. The UK’s Online Safety Act 2023 has created new rules for platforms, but real change only happens when survivor services, tech companies and the public all play their part.

Compliance and data protection are inseparable in today's digital-first world. With increasing regulatory scrutiny, expanding privacy laws, and growing customer expectations around data stewardship, organizations can no longer afford to treat compliance as a checkbox exercise.

A critical vulnerability, CVE-2025-66516 (CVSS 10.0), has been identified in Apache Tika, affecting how the framework processes PDF files containing XFA (XML Forms Architecture) data. The vulnerability resides in tika-core, which means any system using Tika’s default parsing behavior remains vulnerable even if the PDF parser module was previously patched. No special configuration or insecure application code is required; simply ingesting a malicious PDF is enough to trigger the exploit.