Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this article When it comes to demonstrating security and compliance maturity, many organizations find themselves asking the same question: Should we pursue SOC 2 or ISO 27001? Both frameworks are highly respected in the world of information security and risk management. However, they differ in purpose, scope, geographic recognition, and implementation requirements.

Learn how to enforce password policies in Active Directory with best practices and self-service tools like miniOrange SSPR to reduce IT workload and boost security.

Connecting to an application should be as simple as knowing its name. Yet, many security models still force us to rely on brittle, ever-changing IP addresses. And we heard from many of you that managing those ever-changing IP lists was a constant struggle. Today, we’re taking a major step toward making that a relic of the past.

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) researchers have uncovered a recent cyber campaign featuring a unique twist on fake browser updates. This attack leveraged the GrimResource vulnerability and delivered the PureLogs stealer malware to targeted environments through disguised Microsoft Management Console (MSC) files.

Exposure management doesn’t end when you discover and prioritize vulnerabilities. The real measure of success is whether you’ve effectively remediated those exposures. Too often, security teams identify risks but struggle to see them resolved because remediation processes aren’t aligned across people, tools, and workflows. Exposure remediation best practices address this gap, ensuring that insights lead to action and that action drives measurable risk reduction.

On September 18, 2025, an Analysis Report was issued by CISA that details information about two sets of malware it obtained from an organization that was compromised during May 2025. To gain initial access, the threat actors chained together known vulnerabilities outlined in CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM) before deploying the malware, which allowed them to achieve remote code execution (RCE).

GenAI adoption is exploding across organizations, transforming how work gets done and where data moves. CrowdStrike is announcing four new innovations in CrowdStrike Falcon Data Protection to empower organizations to embrace GenAI tools while securing data across endpoints, cloud, GenAI, and SaaS environments.

CrowdStrike continues to raise the bar for modern identity protection. We are excited to announce innovations including phishing-resistant multifactor authentication (MFA), new privileged access capabilities, and identity-driven case management, all part of CrowdStrike Falcon Next-Gen Identity Security.

Artificial intelligence (AI) has come a long way over the past six decades. From simple chatbots in the 1960s to today’s sophisticated large language models (LLMs), mimicking human behavior has always been one of AI’s most intriguing applications. At present, though, AI cannot plan or make decisions as humans do. If it could, the ethical implications of AI would suddenly become much more complex. That’s where agentic AI comes in.

Generative artificial intelligence (GenAI) has firmly embedded itself in the workplace. As of 2024, more than two-thirds of organizations in every global region have adopted GenAI. And, as always, cyber criminals are eager to capitalize on a new and potentially powerful piece of technology. Over the past few years, a GenAI tool called FraudGPT has made phishing, hacking, and identity theft as simple as entering an AI prompt. FraudGPT and similar tools are essentially democratizing cyber crime.