Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Operational disruptions, regulatory mandates and reputational risks now make data breach notification a strategic necessity. To ensure breach notification is truly impactful, it must be seamlessly integrated into an organization’s incident response plan, for timely, compliant and coordinated communication following cybersecurity incidents.

A newly disclosed vulnerability tracked as CVE-2026-25639 puts Node.js applications using Axios at risk of remote Denial-of-Service attacks. By sending a specially crafted configuration object, attackers can trigger a fatal runtime error inside Axios’s internal request handling logic, causing the Node.js process to crash instantly.

Non-human identities are the fastest-growing and least-governed identity population in most environments. Service accounts, API keys, and AI agents run without MFA, without owners, and without expiration. Traditional identity and access management (IAM) wasn't built to manage them. Without governance for discovery, ownership, and lifecycle management, stale machine credentials become attacker footholds that persist for months.

CVE-2026-22769 is a hardcoded credential vulnerability affecting Dell RecoverPoint for VMs, a disaster recovery orchestration platform used to manage replication and failover of virtualized workloads. The issue stems from static authentication credentials embedded within a product component. Because these credentials are not uniquely generated per deployment and cannot be changed by administrators, they introduce a structural authentication weakness.

AI data governance is the structured framework that ensures sensitive data remains protected when artificial intelligence systems are used. Traditional data governance focuses on data at rest. It manages databases, access controls, storage policies, and compliance documentation. AI fundamentally changes the environment, and hence, understanding AI data and privacy is crucial. When organizations use large language models, AI agents, or retrieval-based systems, data flows dynamically.

Most teams try to fix prompt injection in the prompt itself. They add guardrails. They rewrite system messages. They stack more instructions on top of instructions. It feels productive. It is also fragile. Prompt injection is not just a prompt problem. It is a data problem. And if you treat it like a wording problem instead of a data control problem, you will keep playing defense. Let’s unpack why.

Social engineering remains the most reliable way into an organization—and attackers are getting better at it every day. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of breaches involve social engineering. AI has only widened the gap. More than 95% of cybersecurity professionals say AI-generated phishing is harder to detect, and Microsoft reports that AI-generated phishing emails are 4.5x more successful than manually created ones.

Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. The invites lead to convincingly spoofed landing pages for fake video meetings, complete with a list of coworkers who have supposedly already joined the call. The page instructs the user to install a software update in order to join the video meeting.

As cyber defenses become stronger, adversaries continue to evolve their tactics to succeed. In 2025, the year of the evasive adversary, the threat landscape was defined by attacks that targeted trusted relationships, demonstrated fluency with AI tools, and incorporated tradecraft tailored to exploit security blind spots.

OAuth is a commonly used authorisation framework, that allows websites and web applications to request limited access to a user’s account on another application. Users can grant this limited access to their account, without ever needing to expose their password with the requesting website or application. This is commonly seen with sites that allow you to log in with popular accounts such as a social media login, Microsoft or Google account.