Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Initially established in 1968, TransUnion was set up as a holding company for the Union Tank Car organization. It entered the credit reporting industry in 1969, following an acquisition of the Cook County Credit Bureau. Over time, TransUnion developed from solely credit reporting to information and insights on a global scale. The official mission of the company is to help people globally access capital and services, thereby emphasizing its role as a consumer advocate.

At the RSAC Conference this year, it seemed that every cybersecurity company had suddenly become an agentic AI company. According to such vendors, AI agents were the solution to every security problem keeping CISOs up at night. The audience, however, was understandably skeptical. Concerns over vendor promises fell into two camps. The first camp: companies that took whatever AI capabilities they had and slapped the word ‘agentic’ on them (aka ‘agent-washing’). Or even worse.

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.

Microsoft has also been enhancing cloud security by ensuring that multi-factor authentication (MFA) is enabled for all of its Azure and Microsoft 365 administrative accounts. The rollout will begin with Azure portals in October 2025 and progressively to command-line tools, APIs, and Infrastructure-as-Code (IaC) environments in October of that year. For organizations, it means adapting their authentication workflows to align with Microsoft’s phased enforcement plan or risk disruption.

When Kubernetes workloads need to connect to the outside world, whether to access external APIs, integrate with external systems, or connect to partner networks, they often face a unique challenge. The problem? Pod IP addresses inside Kubernetes clusters are dynamic and non-routable. For external systems to recognize and trust this traffic, workloads need a consistent, dependable identity. This means outbound connections require fixed, routable IP addresses that external services can rely on.

Quantum computing is no longer a distant threat on the horizon. It is rapidly materializing into a real, operational risk to the foundations of our cybersecurity ecosystem.

The cybersecurity industry woke up to yet another supply chain nightmare this week. Cloudflare, one of the world's largest web infrastructure companies, confirmed that attackers accessed 104 of their API tokens through the cascading Salesloft Drift breach. This incident perfectly illustrates why modern organizations need to rethink their approach to third-party vendor security.

As companies embed AI models into their applications, they face risks that traditional security tools weren’t designed to catch, such as prompt injection, data leakage, model poisoning, and shadow AI. Addressing these threats requires a new class of security tools built specifically for AI specific risk.

As IT threats and vulnerabilities continue to evolve, regulatory and compliance demands are growing in response. Many organizations today need to navigate multiple mandatory security frameworks and regulations. According to Vanta’s 2025 Trust Maturity Report, 90% of respondents cite compliance requirements as a top driver for investing in security. ‍ Maintaining compliance with the necessary frameworks requires continuous monitoring of your security posture and critical controls updates.

Not too long ago I read an interesting blogpost by SpecterOps about Microsoft EPM that got my attention as I was not aware of this Microsoft product/feature. It was interesting to learn that Microsoft expanded into the realm of Endpoint Privilege Management and since this means that there must be some service/driver running with high privileges that elevates low-privileged processes, I thought there could be potential vulnerabilities and bugs.