Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Modern engineering teams ship fast. Attackers move faster. CI/CD pipelines are no longer just build systems; they are a critical part of production infrastructure. A compromised pipeline can allow attackers to inject malicious code, poison dependencies, leak secrets, or deploy compromised builds directly to production. As Engineering Managers, we’re expected to maintain high delivery velocity while reducing security risks.

Applicability thresholds of state privacy laws often hinge on size or scale. TDPSA is different. It puts no revenue thresholds like CCPA or CPRA. So if your business operates in Texas or reaches the state’s residents, you’re most likely inside the scope already. The law took effect on July 1, 2024, and by January 2025, the universal opt-out obligations became fully enforceable. That transition is what moved TDPSA from a policy update to a website-level requirement.

From intelligent chatbots to autonomous agents, innovation has never moved faster thanks to GenAI. But with the rate of velocity comes a massive new challenge: a class of complex, non-deterministic security risks that traditional cybersecurity methods are simply not equipped to handle. AI-native applications are already running in production. Across industries, teams are deploying copilots, RAG systems, autonomous agents, and AI-powered workflows faster than traditional security processes can keep up.

AI agents are moving fast. They book meetings, draft emails, summarize calls, search internal knowledge bases, and increasingly act on behalf of users. And as more teams adopt these systems, a familiar question surfaces almost immediately: How does GDPR apply to AI agents? What we’ve learned—working with startups rolling out AI features across support, sales, HR, and engineering—is that GDPR is not a blocker.

On April 8, 2025, the National Security Division (NSD) of the US Justice Department (DOJ) implemented the Data Security Program (DSP).

In this episode of Security Matters, host David Puner welcomes back David Higgins, senior director in CyberArk’s Field Technology Office, for a timely conversation about the evolving cyber threat landscape. Higgins explains why today’s attackers aren’t breaking in—they’re logging in—using stolen credentials, AI-powered social engineering, and deepfakes to bypass traditional defenses and exploit trust.

Application Security, WAF, and OWASP form an interconnected defense strategy for web applications. OWASP (Open Web Application Security Project) provides the framework for identifying critical vulnerabilities through resources like the OWASP Top 10, while WAFs act as the protective layer that detects and blocks attacks targeting these vulnerabilities in real-time.

In times of geopolitical and economic instability, no organization would consider running without backups, additional support, clear end goals, and company-wide communication. Within business, the wisdom of strength in numbers and power in unity is widely understood. However, when it comes to its cybersecurity, a critical pillar that reputation, safety, and resilience rely upon, the opposite often happens.

Cilium network policies (CNPs) extend Kubernetes’ L3/L4 controls to the application layer (L7). CNPs provide teams with advanced networking capabilities, but they can also introduce new ways for connectivity to fail, especially in environments running thousands of workloads. Many of these issues stem from differences in how Kubernetes and Cilium interpret the same concepts, such as label scoping, IP-based rules, service identities, and how default-deny behavior is applied.

The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in November 2025. The report also includes a synopsis of the threats, indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and related tags. Each threat has a comprehensive summary from Threat Labs and search queries from the Threat Research team.