Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The latest updates to KeeperAI threat detection introduce meaningful updates across PAM resources, PAM configuration settings, gateway settings and session history, providing an enhanced security layer within the web vault architecture. KeeperAI automatically monitors and analyzes SSH sessions in real-time to identify suspicious or malicious activity, ensuring that high-risk sessions are automatically terminated and all user activity is analyzed and categorized.

Agentic AI is moving into production in CI/CD pipelines, internal copilots, customer support workflows, and infrastructure automation. These systems no longer just call a model. They plan, decide, delegate, and take actions on behalf of users and other systems. This creates new attack surfaces that do not map cleanly to traditional application security or even the OWASP Top 10 2025.

Which is the best aspect to focus on first: network or identity? That’s a question many organizations ask when planning their Zero Trust journey. While both are key pillars to address in a Zero Trust journey, the overarching approach should be to start with your data and let that data be your guide. Data Security Posture Management (DSPM) plays a unique role in enabling businesses to achieve this thanks to its capacity for identifying potentially insecure combinations of identity, access and data.

On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these vulnerabilities allow an unauthenticated threat actor to bypass FortiCloud SSO login authentication via a crafted SAML message if the feature is enabled on the device. Fortinet states that FortiCloud SSO login is disabled by default in factory settings.

ggshield, GitGuardian’s CLI, can help you keep your secrets out of your repos, pipelines, and much more. Download our handy cheat sheet to help you make the most out of our CLI.

If Darth Vader and the rest of the Empire made one major strategic mistake, it was failing to understand the important role that the human element plays in security. Convinced of their superiority, the Empire’s leaders assumed that the Death Star was impenetrable. However, in the end, it was a scientist and his team who compromised the technology by building in a backdoor.

Gender based violence does not begin with technology, but technology has become one of the easiest tools for it to grow. Misogyny, entitlement and harmful gendered beliefs shape how abusers use digital platforms, devices and online spaces to control, shame or silence women and people of marginalised genders. To tackle cyber abuse effectively, we cannot focus only on the technology. We also need to challenge the attitudes and norms that fuel the harm.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Fareed Cheema is the Global Head of Sales Engineering at Torq, leading worldwide pre-sales strategy, execution, and technical innovation. Over the past 3.5 years, he has helped scale Torq’s technical and go-to-market teams while driving customer success in a rapidly changing security automation market.

Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.

The cybersecurity world is currently buzzing about React2Shell (CVE-2025-55182), a critical remote code execution (RCE) vulnerability affecting React and Next.js. The scale of the threat is massive: researchers have already identified over 77,000 vulnerable IP addresses exposed to the internet, and confirmed that state-sponsored actors and opportunistic crypto miners have already breached at least 30 organizations. But if you look closely, this isn't really a story about React.