Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Agent identity architectures: Delegated, bounded, and autonomous

This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.

Strengthening modern detection with Open NDR and integrated threat intelligence

Adversaries are evolving faster than defenders can respond, and they're weaponizing AI to accelerate their attacks. We’ve seen “living-off-the-land”, lateral movement, and the abuse of legitimate administrator tools enable hackers to hide in plain sight, diluting the effectiveness of traditional detection methods. Meanwhile, defenders are nervously trying to keep up with the accelerating pace of AI-empowered threats hitting them at machine speed.

npm now freezes high-impact accounts after risky account changes

npm shipped a new protection this week for its most depended-on accounts. When npm detects a sensitive action on a high-impact account, like an email swap or the use of a 2FA recovery code, it puts that account into a 72-hour read-only state and sends an alert to the previous email address. The package installs and downloads keep working as normal during this time, and the freeze lifts automatically at the end of the waiting period.

Microsoft WinRM Data in Graylog

If you’re running Windows in your environment, WinRM is one of the most valuable, and most abused channels in your infrastructure. Graylog provides a purpose-built way to make those logs immediately actionable. The Microsoft WinRM Content Pack, available with an Illuminate license and Graylog Enterprise or Graylog Security, delivers ready-to-use parsing rules, streams, GIM categorization, and a dashboard so you can turn raw WinRM operational events into structured, searchable security intelligence.

The MSP's Invisible Enemy: How to Pinpoint Friction in Cybersecurity

In managed security, failures rarely happen because of a lack of technology. They happen because of friction, small operational bottlenecks that slow down detection, skew prioritization, or delay incident response. That friction is silent, but deadly. More than any single tool, it determines an MSP’s actual capacity to protect its clients at scale. So, the real question isn't whether you have enough visibility. It’s: Where are your operations failing without you even realizing?

Persona's Sentinel helps you assess risk at every moment

You've built rigorous identity verification flows. You're running liveness detection, document checks, and behavioral analysis. And when users make it through, you rightfully clear them as trusted. But when users aren’t in a verification flow, you lose insight into the device, network, and behavioral signals that could flag a major risk. Sentinel extends passive signal collection to any moment in the user's life cycle.

FTC Report: Americans Lost $3.5 Billion to Imposter Scams Last Year

Imposter scams were the most commonly reported type of fraud in 2025, with Americans reporting $3.5 billion in losses, according to new data from the US Federal Trade Commission (FTC). Reported losses have increased nearly three times since 2020, and the true number is likely much higher since many scams go unreported. Losses across all types of fraud surged to $16 billion, a 25% increase compared to 2024.

Security Orchestration Tools: A CISO's Guide to SOAR

Your SOC probably already has good tools. A SIEM collects logs. An EDR catches suspicious endpoint behavior. Firewalls, identity systems, ticketing platforms, and threat intelligence feeds all do their part. Yet the team still spends too much time copying indicators from one console to another, validating the same alert twice, and documenting the response after the fact. That's the operational gap security orchestration tools are meant to close.

Why crypto companies still struggle to gain banking trust

The cryptocurrency industry has made significant progress in regulatory compliance over the past several years. New licensing frameworks and stricter anti-money laundering requirements have raised standards across the market. Even so, many legitimate crypto businesses continue to face difficulty when opening or maintaining banking relationships.