Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

5 Indicators That Standing Privileges Put You at Risk

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

What Is the Shai Hulud npm Worm and How to Protect Against It

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

A Practical Approach to Continuous Threat Exposure Management

Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan, which is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed to combat this is Continuous Threat Exposure Management (CTEM), a structured and essential alternative that moves teams away from reactive scanning to proactive, ongoing validation and prioritization.

The Tines platform: a look back at 2025

Early in the year, we introduced multiple drafts for Change Control. This feature enables builders to work on the same project simultaneously, each within their own draft environment. The upside? Agents were the talk of the town in 2025. Tines CEO Eoin Hinchy shared his thoughts on how they could help end muckwork, and shortly after, we launched the AI Agent action.

Sidecarless mTLS in Kubernetes: How Istio Ambient Mesh and ztunnel Enable Zero Trust

Encrypting internal traffic and enforcing mutual TLS (mTLS), a form of TLS in which both the client and server authenticate each other using X.509 certificates, has transitioned from a “nice-to-have” to a hard requirement, especially in Kubernetes environments where everything can talk to everything else by default.

Why AI security looks different across the UK, France, Germany, and Australia

Globally, 88% of companies regularly use AI in at least one business function—a 10% increase from the previous year. But as organizations race to adopt new capabilities, we’ve found that the rigor and maturity of AI governance vary widely by region. The third edition of our State of Trust report reveals how leading AI adopters outside the U.S.—from the UK to Germany, France, and Australia—are approaching AI security and governance in distinct ways.

Behavioral Threat Detection: Identifying Attacks That Blend into Normal Activity

Some attacks are easy to spot. Others aren’t. In many cases, nothing obviously breaks or crashes, and no malware ever shows up. Nothing looks wrong at first. Access appears normal, and systems continue to run as usual. Modern attacks are challenging to detect because attackers often use the same tools and access paths as legitimate users. In addition, attackers remain low-key and use access that appears normal.

Elastic Cloud Serverless achieves major compliance certifications across AWS, Azure, and GCP

Securely scale search, security, and observability apps on any cloud provider. We are thrilled to announce a major milestone in our commitment to security, privacy, and regulatory compliance for Elastic Cloud Serverless. Elastic Cloud Serverless has now attained a comprehensive suite of key compliance certifications across all of our available cloud providers: Amazon Web Services (AWS), Microsoft Azure, and Google Cloud (GCP).