Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Before the AI spectacle of RSA arrives, let’s talk about what actually keeps regulated organizations secure RSA is only weeks away. And if you’ve been paying any attention to the pre-conference buzz, or if you work in technology generally, you already know what it’s going to feel like walking that floor: artificial intelligence, everywhere, in everything. AI-powered detection. Autonomous response. Agentic security copilots in everything from threat monitoring to your morning coffee.

Your systems are fully patched. Your vulnerability scanner comes back clean. But are they actually secure?

A multinational financial institution walks into its annual PCI DSS review confident it has “checked the boxes.” Firewalls are segmented, logs are retained, access controls are documented, and the audit report is clean. Months later, the same organization is reprimanded by the UK Information Commissioner’s Office (ICO). The controls were properly implemented.

Big changes to HIPAA are coming in February 2026 including new rules on how sensitive health data is handled, and updates to the required patient privacy notices. IT teams will play a key role in making sure those protections are actually enforced.

If your organization does business with the U.S. Department of Defense, or plans to, you need to know about a major change that just went into force. CMMC, or Cybersecurity Maturity Model Certification, is the Department of Defense’s standard for ensuring contractors meet basic cybersecurity requirements. It was designed to protect sensitive government data across the entire defense supply chain. As of November 2025, CMMC is no longer optional.

Interactive logon refers to users authenticating directly to a Windows system through its interface, such as a GUI or command line. Because these logons grant immediate access to a live session, misconfigured interactive logon policies can expose systems to credential theft and unauthorized access. This guide explains which interactive logon settings matter, where risks commonly appear, and how to harden them effectively.

Creating a safe and secure environment is a top priority for all types of organizations. To accomplish this goal, it is essential to adhere to group policy best practices, particularly in the realm of GPO security. By configuring fundamental Group Policy Settings correctly, organizations can significantly enhance their security posture. When Group Policies are utilized effectively, they play a crucial role in safeguarding users’ computers from various threats and potential breaches.

Continuous Threat Exposure Management (CTEM) is a proactive cybersecurity framework that continuously reduces your attack surface in response to emerging threats.

NTLM Relay attacks should be history. Yet in 2025, they remain one of the most effective ways to compromise Active Directory. We first covered this problem back in 2020, when we wrote about a troubling vulnerability that refused to die: NTLM Relay attacks. At the time, many believed NTLM Relay attacks were a relic of the past, an old problem long solved by Kerberos and modern authentication protocols.

CISA has just added a new CVE regarding SMB, with a very high CVSS rating. CVE-2025-33073 is a high-severity (CVSS 8.8) vulnerability in the Windows SMB client caused by improper access control (CWE-284). An authenticated attacker can exploit it over the network to gain elevated privileges. Microsoft has issued guidance on how it should be patched and CalCom recommend this be done immediately.