Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent research from Proofpoint highlights a growing trend in identity-based attacks. Rather than stealing passwords or exploiting software flaws, multiple threat actors are now abusing legitimate Microsoft authentication workflows to gain access to Microsoft 365 accounts at scale. This technique, known as device code phishing, is not new. What is new is how widespread the technique has become, particularly among both state-aligned and financially motivated adversaries.

I’m excited to announce CrowdStrike’s agreement to acquire SGNL, a leader in identity-first security. This acquisition will extend CrowdStrike Falcon Next-Gen Identity Security to deliver continuous, context-aware authorization for human, non-human, and AI agent identities across SaaS and hyperscaler cloud environments. As risk conditions and threats change, access to applications, data, and AI agents should change with them.

Founded in 1983 as a non-profit health care system, Covenant Health, Inc. sponsors skilled nursing homes, hospitals, assisted living residences, rehabilitation centers, and some health and elder services across New England.

In 2025, we saw attackers get bolder and smarter, using AI to amplify old tricks and invent new ones. The reality is, innovation cuts both ways. If you have tools, AI is going to make them even more dangerous. Last year proved that every leap forward in technology brings new risks right alongside the rewards. At CyberArk Labs, our mission is to uncover hidden vulnerabilities and provide actionable insights that help organizations fortify their defenses.

PAM solutions increasingly focus on zero standing privilege, just-in-time access, and session visibility to reduce identity-based risk and meet Zero Trust and cyber insurance requirements. Organizations should evaluate PAM platforms based on deployment flexibility, identity integration, and operational overhead.

NIS2 is the EU's comprehensive cybersecurity directive requiring essential and important entities to implement robust risk management, incident reporting within 24 to 72 hours, and supply chain security. Penalties can reach €10M or 2% of global turnover. Netwrix solutions help organizations support compliance through data security posture management, identity management, privileged access management, and audit-ready reporting.

Integrating security into the software development lifecycle (SDLC) is no longer optional. DevSecOps adoption promises to bridge the gap between development speed and security rigor, enabling teams to build secure software faster. However, the path to a mature DevSecOps practice is filled with obstacles. Understanding these challenges is the first step toward overcoming them. This post outlines the top 10 challenges that hinder effective DevSecOps adoption.

Malicious actors use different tactics to launch cyberattacks, commonly referred to as attack vectors. They exploit misconfigurations, weak controls, and other poor security practices to gain unauthorized access to victims’ systems. There is a document co-authored by cybersecurity authorities from various countries, like the US, Canada, the UK, the Netherlands, and New Zealand. It is released by CISA (Cybersecurity and Infrastructure Security Agency).

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Not following general advice, or skipping calling IT support can be a bad move…

Remember that annoying ‘paperclip’ in Microsoft Word 97? The one that was always trying to help you…Fast forward nearly 30 years and we now have AI. In the race to adopt artificial intelligence, businesses are embedding AI systems into their daily operations, streamlining workflows, enhancing productivity, and centralizing knowledge. But what happens when that very system becomes an attacker’s most valuable asset?