Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Do you know what it takes to launch a retail website that neatly organizes products and enables customers to add items to their carts with a single click? Do you know what powers the booking system your clients rely on? What is the hidden engine that manages your clients’ logistics, controls their supply chain, processes invoices and stores data for analytics and compliance? These are the systems MSPs are trusted to keep running every day. Critical servers.

Endpoint threats are evolving faster than ever - more automated, more precise, and harder to stop with detection alone. Today’s security teams need more than alerts; they need clarity, context, and the ability to respond in real time without adding complexity or operational strain. On January 29, 2026, at 8am PST (4pm GMT), join WatchGuard and GigaOm for an educational webinar that cuts through the noise around endpoint security.

On January 13, 2026, Fortinet released an advisory describing a high-severity remote code execution vulnerability affecting its FortiOS and FortiSwitchManager products. According to Fortinet, the vulnerability stems from a flaw in the CAPWAP Wireless Aggregate Controller Daemon and could allow an unauthenticated, remote threat actor to execute arbitrary code or commands. The vulnerability was discovered internally by Fortinet’s Product Security Team.

In AI-powered security, advantage comes not from automation alone, but from clear insight into how decisions are made. At Arctic Wolf, home to one of the world’s largest commercial security operations centers (SOC), we process over 10 trillion security events weekly. Rather than chasing automation for its own sake, we build AI that scales human expertise – preserving judgment where it matters most. But what is the optimal combination of humans and machines for security operations?

Gartner frames the AI SOC landscape as a dichotomy: providers pursuing full SOC replacement versus those building AI products to augment existing staff. Of these two approaches, only augmentation aligns with real-world security operations. It helps analysts triage alerts, investigate faster, enrich context, and summarize incidents with better consistency, all while keeping humans in the loop, even if their day-to-day efforts change.

Security teams can now eliminate container vulnerabilities at the source without developer effort or version upgrades. At Seal Security, we believe vulnerability management should start with secure foundations.That’s why we’re excited to share that Seal’s pre-patched packages to harden base and secure images are now officially integrated in Wiz. This partnership brings together Wiz’s best-in-class cloud visibility with Seal’s remediation-first approach to container security.

The latest MITRE ATT&CK Enterprise Evaluations are out, featuring scenarios that emulate sophisticated actors like Scattered Spider and Mustang Panda. While every release of the findings is a significant event for the security community, this year’s evaluation highlights both new and recurring concerns for security professionals.

Jesse Emerson, Chief Product Officer at LevelBlue, the world’s largest pure-play Managed Security Service Provider (MSSP), recently sat down to answer a few questions about what makes an MSSP a valuable client resource and how he sees the MSSP’s role changing in the coming year.

If you operate pharmaceutical websites, portals, adherence tools, or patient support platforms, client-side execution is part of your compliance surface. Analytics, pixels, chat interfaces, and third-party libraries stop being neutral once they run alongside condition-specific content, authenticated access, or patient-initiated actions. At that point, they participate in disclosure. OCR’s clarification on tracking technologies did not create new obligations.

Content Security Policy looks like it was designed for PCI Requirement 6.4.3. You define which domains can load scripts on your payment page, the browser enforces it, and unauthorized code gets blocked. For teams drowning in third-party JavaScript, CSP feels like the obvious answer. Then you get to your audit, and the QSA starts asking questions CSP can’t answer.