Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial Intelligence (AI) is transforming cybersecurity, but not always for the better. While organisations adopt AI to strengthen their defences, cybercriminals and nation-state actors are exploiting the same tools to launch faster, more sophisticated, and harder-to-detect attacks. From AI-powered phishing and malware evasion to deepfake-enabled fraud, adversarial AI is no longer a future risk, it’s a present-day reality.

Every IT team is under pressure to “do more with AI.” A new tool promises smarter workflows, a new agent claims to replace manual tasks. But if you’re managing service requests, availability SLAs, patch cycles, infrastructure capacity, and application performance every day, you know the truth: AI doesn’t automatically reduce complexity on its own.

Few security practices carry as much weight as patch management. Consider the cautionary tale of Travelex. In early 2020, the British currency exchange was hit by a ransomware attack that spread quickly across its network, locking staff out of their systems. Reports suggest the company paid millions to restore access and prevent sensitive data from being sold; an outcome that underscores how a single gap in patching can cascade into a business-wide crisis.

On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack, allowing them to gain the privileges of a legitimate user without elevated permissions or insider access.

On September 8, 2025, a large-scale npm supply chain attack quickly compromised 18 popular packages (with the 18 packages representing more than 2.6 billion weekly downloads within the bioinformatics ecosystem). Attackers hijacked a maintainer’s account by impersonating npm support in a phishing campaign to upload backdoored versions of popular packages like chalk, debug, ansi-styles, and supports-color.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Updates on last week’s certificate issuing error.

It’s one thing for us to say Nucleus is changing how enterprises address vulnerability and exposure management. It’s another when three different analyst firms all say it, and at the same time. In recent weeks, Forrester, IDC, and GigaOm each published their latest market evaluations, recognizing Nucleus in all three. That’s rare validation in a market where many vendors don’t even make the cut for inclusion.

Agentic AI—the emerging class of autonomous systems that can plan, decide, and act with limited human oversight—has become one of the most talked-about technologies of 2025. The promise is enormous: faster operations, automated decision-making, and the ability to handle complexity at scale.

Database failures strike without warning. Hardware crashes, human errors, and ransomware attacks can shut down your entire operation in minutes. When disaster hits, your SQL database backup strategy determines whether you face a quick recovery or weeks of downtime. This article shows you exactly how to backup SQL databases using proven methods that work. You’ll master T-SQL commands, SSMS operations, and PowerShell automation scripts.

Security experts dedicated to shaping insightful editorial content, guiding developers and organizations toward secure cloud app development. Dive into a wealth of knowledge and experience in fortifying software integrity. Today, we’re excited to announce a powerful new integration: Jit now connects with CrowdStrike’s Falcon Cloud Security to deliver runtime‑verified vulnerability insights directly into developer workflows.