Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

Red Team Penetration Testing is a simulated cyberattack that mimics real-world threat behavior to identify vulnerabilities, test defenses, and evaluate how effectively an organization can detect and respond to an attack. It goes beyond traditional testing by focusing on how an attacker would actually move through an environment.

AI agents create data exfiltration risk by combining three capabilities that are dangerous together: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three exist in one agent, an attacker can hide instructions inside an email, document, or webpage the agent processes and trick it into sending sensitive data out. No software vulnerability is required. The attacker doesn't need to break in. They just need to talk to your agent.

We're excited to announce our new partnership with Friends Against Scams, a National Trading Standards initiative working to protect people from scams across the UK. Together, we've created a cybercrime factsheet to help individuals understand the threats they face online, who is most at risk, and where to turn for support.

Alert fatigue is quietly draining security teams, slowing response times, and increasing business risk. As cyber threats rise and alerts multiply, organisations need smarter prioritisation and actionable intelligence, not more noise.

Last week, OpenAI released Privacy Filter, an open-weight model for detecting and redacting PII in text. It is a thoughtful release: Apache 2.0 licensed, able to run locally, designed for high-throughput workflows, and built to go beyond regex-based detection. This is good news for everyone building enterprise AI. Privacy at the model layer is getting real attention. What we liked most was how clearly OpenAI described the role of the model.

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.

We're proud to announce that Frost & Sullivan has named CrowdStrike a Leader for the fourth consecutive time in the 2026 Radar for Cloud-Native Application Protection Platforms. This recognition validates our continued investment in combining posture management with real-time detection and response, and reinforces our leadership in stopping cloud attacks.

Cyber risk used to be the kind of problem you could delegate. Something for the CISO, the IT team, and maybe an external auditor to worry about once a year. That comfort zone is gone. In the last decade, a new reality has set in: a single cyber incident can erase hundreds of millions of dollars in market value in a matter of days, derail strategic plans, and permanently rewrite how investors see a company.

For years, the defensive side held the asymmetric advantage over threat actors. Writing exploits requires a deep understanding of how memory corruption works, how authentication tokens can be forged, etc. That knowledge gap is what made it hard to exploit a vulnerability. LLM proliferation lowered that floor and quickly removed that advantage. Even script kiddies can now carry out cyberattacks like APTs without understanding POC.