Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Privileged Access Management (PAM) is your organization's security control center for managing and monitoring high-level access to critical systems. Think of it as a sophisticated vault system that safeguards your most powerful administrative credentials while maintaining detailed audit trails of their usage. As we head into 2026, PAM has become crucial. Here's why: Cyberattacks are getting scarier and more complicated.

During a recent investigation into AMOS InfoStealer, Kroll Threat Intelligence Team has discovered a troubling new delivery vector that leverages the growing trust users place in AI tools. In this case, attackers leveraged ChatGPT as the source of guidance, tricking victims into initiating the infection, presenting it as a legitimate solution to a common technical problem. Victims were tricked into believing they were running a harmless command to fix a sound issue on their Mac device.

Defining success looks different for security organizations than it does for product, infrastructure, and other engineering teams. The latter group can often point to tangible outcomes, such as newly shipped features or performance improvements. Security orgs succeed when risks are lowered and the company’s posture improves over time, which are results that aren’t as easy to recognize but still valuable.

We've previously addressed the foundational problems of visibility and automated human risk management. However, the final, most enduring challenge remains: how do you address the human element that lies at the core of human cybersecurity risk? Now more than ever, users are prime targets for attackers, but the traditional playbook offers little more than check-the-box training (which is often easily forgotten).

For decades, cybersecurity has been organized around three dominant pillars: endpoint security, network security, and cloud security. These domains have shaped technology categories, vendor ecosystems, and enterprise budgets. They have matured into multi-billion-dollar markets, each responding to successive waves of digital transformation. However, a tectonic shift is underway.

Incident response (IR) plans are a cornerstone of organisational resilience. Many businesses maintain policies, run tabletop exercises, and document procedures, but high-impact incidents still expose gaps in real-world response. Red team exercises provide a practical, objective-driven way to test incident response readiness.

When UNECE WP.29 came into force, it transformed the global automotive industry. For the first time, cybersecurity became a mandatory requirement for modern vehicles — not a marketing feature, not a technical add-on, but a regulated obligation. WP.29 forced manufacturers to rethink how vehicles were designed, updated and secured, requiring formal Cybersecurity Management Systems (CSMS) and Software Update Management Systems (SUMS) across the entire vehicle lifecycle.

CrowdStrike is introducing two powerful innovations in CrowdStrike Falcon Shield to stop identity-based attacks in the AI era: a centralized view of AI agents across platforms and the integration of first-party SaaS telemetry into CrowdStrike Falcon Next-Gen SIEM — the industry’s first native integration of SaaS security posture management (SSPM) and next-gen SIEM.

Avast advises how to spot fake e-shops, recognize new methods scammers use, and remain safe this holiday season. Holiday shopping is in full swing, and so is the hunt for great deals. As online shopping becomes the default for many, a shadowy industry of fake e-shops is growing right alongside it. The holiday season is the perfect time for scammers. People are hurried, stressed and busy getting the best gifts for their loved ones, which makes it harder to stay alert.

Creating a safe and secure environment is a top priority for all types of organizations. To accomplish this goal, it is essential to adhere to group policy best practices, particularly in the realm of GPO security. By configuring fundamental Group Policy Settings correctly, organizations can significantly enhance their security posture. When Group Policies are utilized effectively, they play a crucial role in safeguarding users’ computers from various threats and potential breaches.