
PCI DSS 4.0.1: A Field Guide to Requirements 6.4.3 & 11.6.1

By the time you reach PCI DSS 4.0.1 Requirements 6.4.3 and 11.6.1, the easy wins are behind you. This is the point where compliance turns into configuration. Tag managers, consent scripts, and payment flows all intersect here, and the guidance feels just vague enough to slow everything down. Which tag rules belong in scope? How do you prove a script was authorized? What’s the right way to detect a change without flooding alerts?

Continuous PCI DSS Compliance with File Integrity Monitoring

PCI DSS compliance is often treated as a one-off task: run the audit, implement the controls, and move on. The problem is that systems are not static. Files, scripts, and configurations change constantly, and even small untracked changes can open gaps that lead to non-compliance or security exposure. This is where File Integrity Monitoring (FIM) comes in.
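Both teasers above come down to the same mechanism: take a cryptographic baseline of the files you care about, re-hash them on a schedule, and treat only unauthorized differences as alerts. The script below is an added example written for this page, not code from either article or from any FIM product. It builds a SHA-256 baseline of a constructed web root, compares a later snapshot against it, and uses an assumed change-management inventory (path to set of approved hashes) so that an authorized release is reported as expected while an unapproved script or config edit raises an alert. That split is what keeps a Requirement 11.6.1 style check from flooding the queue with noise. File names, contents, and the monitored extensions are all assumptions.

```python
"""Added example: baseline-and-compare file integrity check with an
authorized-change inventory. Paths, contents and patterns are constructed."""
import hashlib
import tempfile
from pathlib import Path

# Assumed set of file types worth monitoring on a payment page host.
SCRIPT_PATTERNS = ("*.js", "*.php", "*.conf")


def sha256_file(path: Path) -> str:
    """Stream-hash a file so large assets are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every monitored file (POSIX relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and any(p.match(pat) for pat in SCRIPT_PATTERNS)
    }


def classify_changes(baseline: dict, current: dict, approved: dict) -> dict:
    """Diff two snapshots. A change is 'expected' only when the new hash is in
    the change-management inventory for that path; everything else, including
    removals, is an alert. Unchanged files are ignored entirely."""
    expected, alerts = [], []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "modified" if old else "added"
        if new is None:
            alerts.append(("removed", path))
        elif new in approved.get(path, ()):
            expected.append((kind, path))
        else:
            alerts.append((kind, path))
    return {"expected": expected, "alert": alerts}


def demo() -> dict:
    """Run the check against a constructed web root and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "checkout").mkdir()
        (root / "checkout" / "payment.js").write_text("// v1 payment form handler\n")
        (root / "app.conf").write_text("session_timeout=900\n")
        baseline = snapshot(root)

        # Change management records the hash of the release it approved.
        new_payment = "// v2 payment form handler\n"
        approved = {
            "checkout/payment.js": {hashlib.sha256(new_payment.encode()).hexdigest()}
        }

        # Authorized release deploys v2 of the payment script ...
        (root / "checkout" / "payment.js").write_text(new_payment)
        # ... a constructed, unapproved script appears beside it ...
        (root / "checkout" / "analytics.js").write_text("// constructed unauthorized script\n")
        # ... and a config is edited outside change control.
        (root / "app.conf").write_text("session_timeout=86400\n")

        return classify_changes(baseline, snapshot(root), approved)


if __name__ == "__main__":
    print(demo())
```

In the demo the approved v2 of `checkout/payment.js` lands in `expected`, while the new `checkout/analytics.js` and the edited `app.conf` land in `alert`. In practice the baseline and inventory must live somewhere the monitored host cannot write, and the check should also cover scripts loaded from third-party origins (for example by fetching and hashing them from a trusted vantage point), since Requirement 6.4.3 is about every script that executes in the consumer's browser, not only those served from your own filesystem.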

5 Essential Steps to Strengthen Kubernetes Egress Security

Securing what comes into your Kubernetes cluster often gets top billing. But what leaves your cluster, outbound or egress traffic, can be just as risky. A single compromised pod can exfiltrate data, connect to malicious servers, or propagate threats across your network. Without proper egress controls, workloads can reach untrusted destinations, creating serious security and compliance risks.

Why Risk Assessments Fail Stakeholders: Bridging the Gap

You've been here before. The vendor risk assessment is complete, the report is generated, and it lands on a stakeholder's desk. And yet, this comprehensive, detailed document, which provides vital information on a vendor's security posture, goes nowhere. The handoff lands in limbo.

The Do's & Don'ts of Writing Audit-Proof Risk Assessments

When an auditor walks through your door, they aren't looking for a list of vulnerabilities; they're looking for proof that your Third-Party Cyber Risk Management (TPCRM) program is consistent, defensible, and robust. Internal and external auditors evaluate the Vendor Risk Management process by testing evidence, but they do so with different goals.

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

The world is in a race to build its first quantum computer capable of solving practical problems not feasible on even the largest conventional supercomputers. While the quantum computing paradigm promises many benefits, it also threatens the security of the Internet by breaking much of the cryptography we have come to rely on. To mitigate this threat, Cloudflare is helping to migrate the Internet to Post-Quantum (PQ) cryptography.

Impending Chaos: One in Twenty Small Businesses Will Suffer Financial Loss

The most underserved cyber insurance market is small and medium-sized businesses, with the emphasis on small. There are roughly 33 million small businesses in the United States, and according to the insurance industry only 4.3 million cyber insurance policies have been issued to small businesses… So what options do they have?

EP 18 - The humanity of AI agents: Managing trust in the age of agentic AI

In this episode of Security Matters, host David Puner sits down with Yuval Moss, CyberArk’s VP of Solutions for Global Strategic Partners, to explore the fast-evolving world of agentic AI and its impact on enterprise security. From rogue AI agents deleting production databases to the ethical blind spots of autonomous systems, the conversation dives deep into how identity and Zero Trust principles must evolve to keep pace.