Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Learn how Snowflake is tackling NHIs, from secrets sprawl to a secretless architecture using GitGuardian for detection and Aembit for prevention.

In our first article exploring vulnerability management vs. exposure management, we explored the growing recognition that exposure management is not just a rebranding of vulnerability management. Rather, it’s a strategic evolution. Where traditional vulnerability management often focuses narrowly on CVEs and technical severity, exposure management demands a broader, more integrated understanding of risk across assets, environments, and attack vectors.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Looks bad for Co-op customers. Stay alert.

Software security vulnerabilities in healthcare, finance, energy, and other critical infrastructure industries have far-reaching consequences across global supply chains and markets. Highly regulated industries face complex attack vectors and require a broader defense-in-depth strategy to effectively manage application risk. That’s where the right Application Security Posture Management (ASPM) tool comes in.

Last week, Binance began enforcing jurisdiction-specific regulations requiring Personally Identifiable Information (PII) for certain crypto withdrawals and deposits (Binance US is not affected). These updates carry immediate operational and compliance implications for Fireblocks customers based in Japan, New Zealand, India, the UAE, Bahrain, South Africa, Poland, France, and Kazakhstan who transact with Binance.

Data lakes have evolved. Once treated as passive storage archives, they’re now becoming active components of enterprise risk management. The driver? Selective retrieval — the ability to park large data volumes in cold storage and later retrieve targeted slices for forensic or compliance needs. This shift matters. According to 2025 data from Cybersecurity Insights Group, 73% of enterprises report that SIEM ingestion costs are limiting their real-time analysis capacity.

Today’s CIOs are under intense pressure to deliver operational excellence without expanding headcount or overspending. Budget constraints, rising infrastructure costs, and growing expectations around uptime and security have forced IT leaders to rethink how they allocate resources. The challenge isn’t simply about doing more—it’s about doing more efficiently with the same staff and infrastructure.

The BlueVoyant SOC consistently monitors and analyzes threats within customers instances 24x7. One threat we have been tracking and observing has been a free-ware software known as RecipeLister. This software claims to provide users with the capabilities of viewing and downloading recipes in order to assist in the journey of staying healthy. While this capability was rather appetizing, we discovered there was more to be unpacked by this software.

The EU’s Digital Operational Resilience Act (DORA) establishes a unified regulatory framework to ensure financial institutions can withstand and recover from IT disruptions. As a cornerstone of operational resilience, secure and compliant database environments are critical to safeguarding sensitive financial data and maintaining regulatory alignment.

DevOps teams are moving faster than ever deploying AI agents, orchestrating automated workflows, and scaling infrastructure across cloud platforms. But as speed increases, so does the attack surface. Traditional access models weren’t built for today’s dynamic, machine-heavy environments, and static privileges have become one of the biggest security liabilities in SaaS.