Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The NPM ecosystem has been rocked by one of its widest supply chain attacks to date, with over 187 popular packages compromised by advanced malware capable of self-propagation and automated credential harvesting. This attack, affecting packages with millions of weekly downloads including angulartics2, ngx-toastr, and @ctrl/tinycolor, demonstrates how cybercriminals are evolving their tactics to create “worm-like” malware that can autonomously spread across the software supply chain.

The enterprise is undergoing the most profound technological shift since the dawn of the internet. Artificial intelligence is no longer a side project or a productivity boost — it has become the new operating model for today’s businesses. Autonomous agents are reshaping how work gets done. Within the next year, nearly every organization will depend on them for competitive advantage. At the same time, adversaries are weaponizing AI to move at unprecedented speed and scale.

AI has redrawn the cyber battlefield. Adversaries are already automating every phase of the kill chain to strike faster, scale wider, and overwhelm defenders. Manual workflows and conversational assistants help teams move faster, but still bind them to human speed. Agentic AI changes the equation. It enables security teams to deputize trusted, mission-ready agents that reason, decide, and act on their behalf — at the speed of AI. The promise of agentic AI is clear.

Security leaders are well acquainted with Shadow IT; the unsanctioned apps, services, and even devices employees adopt to bypass bureaucracy and accelerate productivity. Think rogue cloud storage, messaging platforms, or unapproved SaaS tools. These all often slip past governance until they trigger a breach, compliance issue, or operational failure. Now, a more complex threat is emerging - Shadow AI.

In February 2024, a ransomware attack on a critical player in the US healthcare infrastructure sent shockwaves through the US and globally. Pharmacies were unable to process prescriptions using patients' insurance, leading to delays in medication dispensing and highlighting the fragility of the healthcare supply chain. Hospitals and medical offices faced severe operational disruptions, struggling to provide patient care, submit insurance claims, and receive payments.

On October 14th, Windows 10 will be retired, and Microsoft will no longer push patches or updates to systems on that operating system. It is crucial for companies to make the jump to Windows 11 now—or risk being exposed to critical vulnerabilities. This is especially important for Industrial Control Systems (ICS), which often run on legacy systems.

According to Forbes Advisor, 46% of Americans reported having their passwords stolen in 2024. This highlights just how essential tools like password managers are for secure credential management. Password managers generate, store and autofill strong passwords and passkeys, helping users maintain strong password hygiene without needing to remember every login credential.

Microsoft Teams has become the standard tool for digital collaboration in companies, public institutions and organizations alike. The platform offers all the functions modern teams need: Chat, meetings, file storage, project collaboration and more – fundamentally changing the way we work together across states and countries. But despite all the enthusiasm, Teams is not without its drawbacks – especially when used without proper control.

The NIS2 Directive (NIS2) is now in effect, but some organizations still haven’t taken action – risking a sharp reckoning as the directive marks a major shift in compliance requirements. Compared to other cybersecurity legislation, NIS2 is less about ticking compliance boxes and more of a ground-up rethink of an organization’s entire security posture, especially when it comes to privileged access. We’ve seen this before with GDPR.

The management of non-human identities (NHI) presents unique challenges that many identity and access management professionals are still learning to navigate. Service accounts, provisioned accounts, and automated system credentials require governance approaches that differ significantly from traditional user management.