Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Excessive access rights increase the risk of cybersecurity incidents. Implementing the principle of least privilege (POLP) can help you significantly limit your attack surface and protect your organization from the financial and reputational losses that may follow a cybersecurity breach. This article reveals the importance of POLP and equips you with the best practices to implement it effectively.

We’re at a major inflection point in how software operates. And I don’t say that lightly. For the past decade, we’ve seen a steady evolution toward microservices, APIs, and cloud-native architectures. But Agentic AI is something different. We’re no longer talking about static services. We’re now dealing with autonomous agents that reason, remember, and act in real-time across live environments.

If you’ve done everything you can think of to stay protected — patched systems, trained employees, upgraded tools — but the number of threats still keep increasing, you’re not alone. You’re not behind. You’re not unprepared. But you may be operating on outdated assumptions. For small and midsize businesses, the real danger isn’t just what attackers are doing—it’s the cybersecurity myths you’ve been told to believe. The ones that seem logical.

On June 25, 2025, Cisco disclosed two critical vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 and CVE-2025-20282, these flaws enable unauthenticated remote attackers to execute arbitrary commands as the root user via exposed HTTPS APIs. CVE-2025-20281 arises from insufficient validation of user-supplied input in a public API, allowing crafted requests to trigger remote code execution.

When a cyberattack occurs, every second counts. Metrics like Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) are critical benchmarks in cybersecurity, helping organizations evaluate the effectiveness of their Security Operations Centers (SOCs). But what’s the difference between MTTD vs MTTR, and why do they matter?

Microsoft highly recommends enabling MFA on all Entra ID users to protect their environment against potential attackers and avoid getting breached. This can cause a lot of issues and damage for the company from reputation problems to large fines. The latest figures from Microsoft Threat Intelligence research show that more than 99% of attacks are password attacks. Microsoft alone registers 7,000 password attacks per second!

In my previous post, we explored the reasons and methods for safeguarding Microsoft Entra ID data using Veeam Backup & Replication. While having secure, encrypted backups is essential, their value diminishes if you can’t restore them when it matters most. In this post, we’ll dive into the recovery process step by step. If you’ll remember there are a number of object types within Entra ID that can be protected at this time and they are.

Broadcom’s recent announcement to retire the VMware Advantage Partner program has left many organizations questioning their virtualization strategy. As the dust settles on this major industry shift, understanding what these changes mean for your organization and how to navigate them quickly is all important. The transition affects thousands of VMware partners worldwide, but for customers and partners alike, one thing remains clear: the need for reliable, experienced partners has never been greater.

AI agents are rapidly transforming how software is accessed, operated, and integrated, such as automating workflows, calling APIs, and interacting with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired Trelica earlier this year. Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview.