Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Having joined visionary leaders and top practitioners at ZenityLabs’ AI Agent Security Summit in San Francisco, I came away inspired and laser-focused on the incredible opportunities and responsibilities ahead for any organization looking to adopt and secure AI agents.

In late September 2025, several European airports reported significant delays and flight cancellations due to issues with their check-in and passenger systems. Collin’s Aerospace, the vendor of the vMUSE check-in system, had been hit by a ransomware attack. ARINC error message: Source: Cyberplace.social.

A phishing campaign is impersonating LastPass and Bitwarden with phony breach notifications, BleepingComputer reports. “An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager,” BleepingComputer writes.

Picture this: it’s 3 AM, and your message broker is acting up. Queue depths are climbing, consumers are dropping off, and your on-call engineer is frantically restarting pods in a Kubernetes cluster they barely understand. Sound familiar? For years, we lived this reality with our self-hosted RabbitMQ running on EKS.

Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests for OAuth API authorization for organizations that use JWT tokens. These JWT, or JSON Web Tokens, are meant to prove that you have access to whatever it is you are accessing. One of the most critical JWT vulnerabilities is algorithm confusion.

According to Bitsight TRACE’s 2025 State of the Underground report, the most exposed devices tied to critical vulnerabilities were found in the United States, and the most affected sectors included Information (telecom, IT) and Professional, Scientific, and Technical Services (including security and software vendors).

This user quote, captured on Reddit, underscores the real-world consequence of cloud outages: when it happens, the world stops. As your organization scales, you often make strategic decisions to centralize your workloads, whether it’s meeting strict regulatory requirements that demand data locality, or minimizing latency for compute-heavy applications. The true challenge isn’t deciding which cloud vendor to go with; it’s mitigating the risk of a single point of failure.

Nowadays, thinking about backups in terms of redundancy alone is old-fashioned. Along with the ‘what’ and ‘how’ approach, it’s vital to ask ‘where’. And it’s not a matter of GDPR or HIPAA requirements. Knowing about your backup location(s) can be a factor that distinguishes between mere compliance and a catastrophe.

AI-powered SOCs are dominating industry conversations, yet security leaders remain split on whether a truly autonomous SOC can ever exist. Despite certain vendors aggressively marketing fully autonomous SOC solutions, Gartner's analysis "Predict 2025: There Will Never Be an Autonomous SOC" suggests solutions in the market are unlikely to deliver against claims of full autonomy. As someone who has run SOCs, I agree. Full autonomy isn’t the answer.

Workflows aren’t new, or glamorous. But every major leap in technology has been about making work flow better. The assembly line automated production. The personal computer and the internet reshaped knowledge work. The cloud, mobile, and collaboration tools broke down barriers of place and time. We explored this evolution in a recent piece, “A History of Workflows.” Today, we’re examining the present. With automation and AI, we’re at the next leap.