Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If your security priorities still center on CVSS scores and device vulnerabilities, you’re missing a significant piece of the risk puzzle. People. Attackers aren’t following your org chart. They’re targeting whoever gives them access. Enter the concept of Very Attacked People (VAPs): individuals in your environment who attract the most persistent, targeted attacks. And they’re not always the CEO or the CISO.

BlueVoyant Threat Fusion Cell (TFC) researchers recently investigated a ClickFix attack with unique aspects. The attack began when a user for a UK-based organization navigated to a restaurant’s website for reservations, which they reportedly had used extensively in the past to conduct business meetings and corroborated in the logs.

In today’s environment—marked by accelerating threats like ransomware, increasingly complex supply chains, and the growing footprint of AI and IoT—managing cyber risk has never been more urgent or more difficult. Our latest research with Sapio Research, The State of Cyber Risk and Exposure 2025, draws on the insights of 1,000 cybersecurity and cyber risk leaders around the world to understand what they are focused on today and what will be keeping them up tomorrow.

Cybersecurity leaders in the UK are facing a stark reality: managing cyber risk is becoming significantly harder. Not only are threats growing in scale and complexity, but a lack of visibility into digital exposures—both internal and across the supply chain—is compounding the challenge.

Content is core to business operations, and AI is reshaping how teams engage with it. From intelligent summarization and advanced analysis to automated organization, AI streamlines workflows and accelerates decision-making across the enterprise. However, the value of AI-driven capabilities depends on one critical factor: the quality of the input prompt. Well-crafted prompts guide AI to deliver accurate, relevant, and actionable responses.

Turn Any Android Work Device Into a Secure Chrome-Only Kiosk. Perfect for Retail, Field Teams & more. Learn How in Just a Few Steps.

SASE has transformed how organizations approach secure networking, uniting security and connectivity into a single, cloud-delivered model. As one of the original architects of SASE (along with Neil MacDonald), I was invited at ONUG Dallas to reflect on the state of SASE and what we might have missed in our original research.

You can’t secure what you don’t manage. Mismanaged access is an open invitation for breaches. Overprivileged users and a surge in non-human identities (like service accounts and API keys) are quietly expanding your organization’s attack surface. Yet many still rely on outdated, manual IAM practices that can’t keep up with modern infrastructure. It’s not just a theory—38% of breaches trace back to stolen credentials.

“Identity is the new perimeter” had its moment. But as cloud-native environments and distributed teams become the norm, this mantra is starting to show its age. The risks tied to static, identity-based access are now too big to ignore, and no one sees that more clearly than security vendors themselves.

In cybersecurity, time isn’t just money, it’s everything. The longer it takes to detect and respond to an incident, the greater the damage to data, operations, and brand reputation. That’s why organizations today are laser-focused on reducing MTTR (Mean Time to Respond). But here’s the catch: you can’t respond to threats you don’t fully understand. And you can’t understand threats without first understanding your assets.