Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You might not recognize the term “OAuth,” otherwise known as Open Authorization, but chances are you’ve used it without even realizing it. Every time you log into an app or website using Google, Facebook or another account, OAuth grants that service limited access to your data without sharing your password. OAuth simplifies user authentication across platforms, making it a key part of secure online experiences.

This week, we announced an important development in our journey to deliver the industry’s most powerful, comprehensive identity security platform. CyberArk has acquired Zilla Security, a leader in modern Identity Governance and Administration (IGA) solutions, bringing their cutting-edge, AI-powered technology into the fold of our industry-leading platform.

In the inaugural episode of the Security Matters podcast, host David Puner dives into the world of AI security with CyberArk Labs’ Principal Cyber Researcher, Eran Shimony. Discover how FuzzyAI is revolutionizing the protection of large language models (LLMs) by identifying vulnerabilities before attackers can exploit them. Learn about the challenges of securing generative AI and the innovative techniques used to stay ahead of threats.

The introduction of OpenAI’s ‘Operator’ is a game changer for AI-driven automation. Currently designed for consumers, it’s only a matter of time before such web-based AI agents are widely adopted in the workplace. These agents aren’t just chatbots; they replicate human interaction with web applications, executing commands and automating actions that once required manual input.

Developers are incredibly valuable to an organization’s progress and evolution. They must innovate quickly while simultaneously navigating changes to their day-to-day operations as companies heighten security requirements in the cloud. If developers find these security measures cumbersome, creating hurdles that plague their progress, they will likely bypass them altogether.

Imagine a sleek, high-tech sports car racing downhill without brakes. Now, imagine that car is actually the AI driving your business. Powerful yet precariously close to catastrophe. That’s why, as we accelerate AI adoption, including AI agents, we can’t afford to overlook security guardrails. This fact was front and center during the recent “large-scale cyberattack” on DeepSeek, a strategic open-source AI player from China that’s been disrupting the global AI space.

As a former black hat hacker, social engineering and phishing concepts are not new to me. I have used these techniques in my previous life, so I know their effectiveness. Having spent years immersed in the intricacies of social engineering, I’m always looking for new twists on this age-old technique.

In today’s threat landscape, you’re at risk if you don’t have all your identities—human and machine—secured with the right level of intelligent privilege controls. And the risk is even more significant when identities and privileges on your mission-critical Linux servers, especially those that run critical workloads or have sensitive data, are managed in silos, separately from the rest of the infrastructure.

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs’ Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity.

There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise—a major security incident. This timing isn’t random. Threat actors target this timing, knowing security teams operate with skeleton crews that impact detection, investigation and response times. It’s a calculated strategy that works reliably, year after year. And now there’s another holiday surprise to add to the list—the recent attack on the U.S. Treasury Department.