Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Key Management Best Practices to Avoid Cryptographic Failures

The expansion of cloud applications and mobile devices has created unlimited endpoints, leaving data vulnerable to security threats. In fact, cryptographic failures rank No. 2 in OWASP’s Top 10 web application security risks. Effective cryptographic key management is crucial to protecting data, as a single compromised key could result in a massive data breach. This blog will explain some of the best practices for cryptographic key management.

How Compliance Frameworks Strengthen Security and Trust

For modern digital businesses, compliance isn’t just a legal requirement—it’s a trust-building and security-enabling mechanism. Compliance frameworks like PCI DSS 4, HIPAA, GDPR, and NIST establish the technical and procedural standards organizations must meet to protect sensitive data, avoid regulatory penalties, and qualify for cyber insurance.

From Reactive to Ready: Automated Detections and Defense with Devo + Detecteam

Security analysts know the feeling: The all-too-familiar dread creeps in as a new exploit hits the headlines. Cyber teams worldwide brace themselves, knowing that their weekends, vacations, and carefully laid plans are likely about to go up in smoke. The first question a CISO will always ask rings in their ears: “Are we protected against this?”

What to Do if You Are Affected by a Retailer Cyberattack

In April and May 2025, several prominent UK retailers, including Marks & Spencer (M&S), Co-op, and Harrods, experienced significant cyberattacks. At the time of writing, we have not had confirmation of these attacks but consider them to be ransomware attacks. These incidents are disrupting services, compromising customer data, and highlighting vulnerabilities in retail cybersecurity. This guide aims to help you, as a consumer, take steps to protect yourself.

Four new admin features to streamline rollouts, reduce friction, and boost adoption

We’re making it easier for IT and security admins to deploy 1Password Enterprise Password Manager at scale with three powerful new features that improve visibility, reduce onboarding confusion, and lay the groundwork for a more unified experience across our platform. Whether rolling out to your first 50 users or your next 5,000, these updates help you move faster, support your employees, and strengthen access security across your organization.

Chasing passwordless? Omdia's new report recommends Extended Access Management

Omdia, a global analyst and advisory leader, recently released a report called “How Extended Access Management (XAM) closes the gaps in security.” The report outlines the challenges of managing access for the modern workforce and suggests strategies for addressing those challenges. Omdia defines the challenge areas of access management as: In 2024, 1Password launched Extended Access Management (XAM), a new security category designed to close the Access-Trust Gap.

CVE-2025-2775: PoC Released for SysAid On-Premises Pre-Auth RCE Vulnerability

On May 7, 2025, watchTowr publicly disclosed technical details and a proof-of-concept (PoC) exploit for a pre-authenticated Remote Code Execution (RCE) chain affecting SysAid On-Premises, a self-hosted IT service management (ITSM) platform used by organizations to manage IT support tasks. Although the vulnerabilities were patched in March 2025, they had not been assigned Common Vulnerabilities and Exposures (CVE) identifiers and were disclosed for the first time with watchTowr’s publication.

Beyond the Red Flags: Responding to a Failed Vendor Audit

Picture this: your vendor’s latest security audit just landed in your inbox, and you spot multiple failure points. What’s your immediate action plan? Failed vendor audits are an uncomfortable but increasingly common reality as reliance on third-party vendors grows, and handling them poorly can lead to data breaches, costly compliance violations, and serious operational disruptions. Knowing how to respond effectively isn't just good practice—it's essential risk management.