Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When we first launched Project Calico in 2016, we set out to make Kubernetes networking easy, reliable, and scalable for all organizations. Our goal was to abstract away the complexity and performance overheads of other CNI plugins while simultaneously extending Kubernetes network policy to make it easier to secure your Kubernetes workloads.

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) latest report. This is nearly double the amount requested during Q3 2024. The researchers found that Gmail accounts were used to launch 81 percent of BEC scams last quarter. The report also warns of a surge in SMS phishing scams impersonating toll operators in the US, driven by a popular Chinese phishing kit.

Staying on top of corporate security trends may seem like a hassle, but it actually has great benefits for your organization. Understanding security trends helps businesses benchmark their performance—including within their specific industry—and strengthen their security posture to align with the best performers.

Managing the vendor remediation process is no small feat. While on the surface, it might seem like the bulk of the heavy lifting is done once you complete your initial assessment, you (and every other security team on the planet) know this couldn’t be further from the truth. After all, if your team doesn’t constantly track remediation efforts and validate corrective actions, how else are you supposed to ensure vendors effectively mitigate the risks you identified?

New StilachiRAT malware enables crypto theft and reconnaissance, AMOS and Lumma stealers spread via Reddit posts, and 41% of user logins used compromised passwords.

For founders of early-stage startups in Australia and New Zealand, growth is the ultimate goal. You’re focused on building an exceptional product, winning customers, and scaling fast. But one thing that should also be on your radar is security compliance. ‍ The reality is, compliance isn’t just about meeting legal requirements or ticking a box when an enterprise customer asks for certifications. It’s a strategic advantage.

Security teams today face increasing pressure to quantify the effectiveness of their application security programs. Whether it’s justifying security investments to leadership or demonstrating compliance with regulations like PCI DSS, HIPAA, and GDPR, teams struggle to showcase the real impact of their security efforts. Without clear, actionable data, proving that an AppSec program is actively reducing risk becomes a challenge. That changes today.

In February of 2025, North Korean state-backed cybercriminals stole over $1.9 billion from a popular crypto exchange. That's a mind-boggling amount of money, let alone from a breach. But here's the craziest part; it was excruciatingly simple. In short, it went down like this: an engineer was phished, attackers located static API keys — and just like that, attackers had direct access to critical cloud resources. Static credentials strike again.

Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes introduces risks that, without proper API security, can compromise sensitive data and decision-making.

‍Modern organizations have to navigate a complex web of risks, some of which are easily controllable and others that pose a significant challenge to stability, reputation, and growth.