Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Model Context Protocol (MCP) servers facilitate the integration of third-party services with AI applications, but these benefits come with significant risks. If a trusted MCP server is hijacked or spoofed by an attacker, it becomes a dangerous vector for prompt injection and other malicious activities. One way attackers infiltrate software supply chains is through brand impersonation, also known as typosquatting—creating malicious resources that closely resemble trusted ones.

What permissions are developers granting to Claude Code, and could those permissions pose a risk if the coding agent were exposed to malicious inputs? To answer this question, we turned to GitHub, the website where developers go to share their private configuration files. From Github we collected a dataset of 18,470.claude/settings.local.json files, each containing the permissions that a user granted to Claude Code for a software project.

Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan. All of which is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed to combat this is Continuous Threat Exposure Management (CTEM). A structured and essential alternative that moves teams away from reactive scanning to proactive, ongoing validation and prioritization.

Aligning with a NIST framework is a strategic initiative for any organization serious about cybersecurity. It provides a clear roadmap to defending against sophisticated supply chain attacks, meeting evolving regulatory demands, and managing growing cyber risk exposure from third-party vendors. This guide explains the core NIST frameworks and provides a practical, 5-step implementation plan for building a resilient and defensible security program with a NIST standard.

Looking back at 2025, two mega-trends from the past have continued: First, data breaches remained a constant and continued to trend upward; and second, there was once again a headline disaster no one anticipated. The first point needs no elaboration; data breaches are like air pollution—an accepted nuisance that only occasionally becomes so severe that we wonder why we live like this. For the second point, I gesture toward the major incidents of recent years. MoveIt. Crowdstrike. Snowflake.

If 2025 has taught us anything, it’s that risk is no longer confined to the edges of your network. The traditional security perimeter has dissolved, with risk creeping into the very tools we use to run our businesses. Organizations faced off against catastrophic configuration errors, the weaponization of third-party trust connections, Multi-Factor Authentication (MFA) failures, and attackers who clearly love the holidays.

We've previously addressed the foundational problems of visibility and automated human risk management. However, the final, most enduring challenge remains: how do you address the human element that lies at the core of human cybersecurity risk? Now more than ever, users are prime targets for attackers, but the traditional playbook offers little more than check-the-box training (which is often easily forgotten).

Designated CVE-2025-55182 and widely dubbed "React2Shell," this vulnerability represents a worst-case scenario for modern web applications: Unauthenticated Remote Code Execution (RCE) on default configurations.

The rising threat of cybercrime, projected to reach an astonishing $13.82 trillion by 2028, is largely attributed to the expanding attack surface. This signals that organizations are more vulnerable than ever. Assuming your organization is safe, without ongoing visibility is dangerous. That’s because every digital asset poses a threat, whether a new tool or forgotten assets. Security and Operations Center (SOC) teams require real-time insight, which is why attack surface monitoring is crucial.

In our previous blog post, “Closing the Visibility Gap,” we established that visibility is the first step in managing the modern human attack surface; however, prioritizing that data is the next major concern for any CISO. Prioritization of human risk data is critical, as it directly informs governance and effective high-level decision-making. Simply put, prioritization is crucial to driving action.