Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.

Last July, I traveled with my wife and two-year-old daughter to my parent’s house on the coast for a week of summertime fun-in-the-sun. It’s a trip we try to make at least once a year to escape the day-to-day grind, see family, and lounge beside various bodies of water, all while enjoying complimentary, around-the-clock childcare (aka grandparents). At least that was the plan. Instead, I awoke on the very first morning of our trip feeling just about as sick as I’ve ever felt.

Few cybersecurity knowledge repositories are as broad, deep, or widely respected as LevelBlue Security Colony. Industry analyst firm IDC has recognized the value of Security Colony, noting that clients and other organizations interested in understanding their cybersecurity posture download thousands of resources each month, many of which are available at no cost.

Modern applications generate a constant stream of logs, some of which carry more information than they should. For too many organizations, logs include personally identifiable information (PII) such as customer names that were never meant to leave production systems. Teams try to limit this data exposure by using regular expressions to detect and obfuscate matches, only to discover that names like John O’Connor, Mary-Jane, Jane van der Meer, and A. García slip through.

We are back from the holidays and ready to kick 2026 into full gear! Check out the latest product updates from the past month.

Payment Card Industry Data Security Standard (PCI DSS) compliance isn’t a once-a-year exercise; it’s a year-round effort that requires regular validation to protect cardholder data, manage risk, and maintain audit readiness throughout the year. Compliance failures are rarely caused by a single missing control.

For years, data loss prevention has meant one thing: finding sensitive entities. Social Security numbers, credit card numbers, API keys—if you could pattern-match it, you could protect it. But this approach has always had fundamental limits. What happens when you need to protect customer IDs unique to your business? What about proprietary source code that doesn't contain any traditional PII?

The acting director of America's Cybersecurity and Infrastructure Security Agency—the person tasked with defending federal networks against nation-state adversaries—triggered multiple automated security warnings by uploading sensitive government documents to ChatGPT. If this happened at CISA, it can happen at your organization too.

A virtual CISO is your on-demand cybersecurity resource. We provide the same strategic leadership as an in-house CISO, without the full-time commitment. vCISOs are used by organisations that need experienced security leadership to meet their compliance requirements, manage cyber risk, and guide security decisions, but don’t yet have a permanent CISO, or may have an interim requirement for a vCISO.

John, a Cyber Threat Intelligence (CTI) analyst, turns to look at his CISO. He seems a bit rattled. John responds, “Yeah. Huge story.” “Massive. The board is worried and wants to know if this puts us at risk. We’re secure, right?” John hesitates.“Let me get back to you on that.” The CISO walks away. John races to his desk.