Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, we're taking a big step toward making trust management even easier for our customers: Vanta has acquired Riskey, a company leading the way in real-time third-party risk monitoring. Their continuous vendor monitoring and alerting will soon be part of Vanta’s Vendor Risk Management product. ‍ Managing vendor risk is more important than ever.

Despite growing investments and advances in cybersecurity, incidents and data breaches continue to increase year over year. From the continuous uptick of vulnerabilities to the rapidly expanding human attack surface, it’s clear that as new risk points appear, threat actors are right there, ready to take action.

We are working tirelessly on our AI First strategy to better protect both humans and their AI tools. KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts, including this recent one. This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they are here and will be the way that most cybercrime is committed forevermore.

Modern platforms demand modern protection. As organizations adopt Kubernetes, OpenShift, and hybrid cloud environments, legacy backup tools—designed for static, VM-only systems—fall short. Today’s applications span containers, VMs, and dynamic cloud-native services. Protecting OpenShift Virtualization requires more than basic snapshots or namespace-level restores—it requires precision.

Patrick Orzechowski (also known as “PO”) is Torq’s Field CISO, bringing his years of experience and expertise as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. You can find him talking to SOC leaders and CISOs from major brands at cybersecurity events around the world. Running a SOC isn’t for the faint of heart. I should know.

Fintech and banking ranked among the top three most targeted industries in 2024, according to the CISO’s guide to DevOps threats. Real-world incidents underscore this trend: Byte Federal, the leading Bitcoin ATM operator in the U.S., suffered a breach linked to a GitLab vulnerability. Meanwhile, financial software provider Iress and crypto wallet company Ginco were both targeted by threat actors exploiting GitHub repositories. Source: 2024 DevOps Threats Unwrapped.

Cybercriminals don’t need to be sophisticated. They just need the opportunity—and in Ireland, there’s still too much low-hanging fruit. Many of the vulnerabilities being exploited across Irish networks today aren’t new. They’re years old. Attackers are taking advantage of outdated systems that haven’t been patched, relying on free, off-the-shelf tools to scan for weaknesses—and finding them far too easily. This isn’t a theoretical risk.

Artificial intelligence—it’s a term you’ve likely encountered more than once today, and this won’t be the last. And while it reshapes how businesses operate, it’s also introducing new risks. As organizations embrace AI-powered tools for efficiency and innovation, it becomes essential to understand what technologies your vendors rely on, and what those choices mean for your cybersecurity posture.

In an environment where the volume of threats is growing and the pressure to protect critical assets is constant, oragnizations and managed service providers (MSPs) are inundated with notifications. Prioritizing critical vulnerabilities takes time, resources and careful analysis. However, false positives also slip into this constant flow of alerts. Far from being harmless, these false alarms can create an even bigger problem: alert fatigue.

Shadow AI refers to the use of unapproved AI tools in the workplace without IT’s knowledge or oversight. Cisco’s 2025 Data Privacy Benchmark Study found that 81% of organizations lack full visibility into which AI tools their employees are using (Cisco, 2025). If you’re not monitoring AI use, you’re not managing AI risk. And in 2025, ignorance is expensive.