Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The cybersecurity landscape is in constant flux, shaped by emerging technologies, evolving threats, and increasing regulatory demands. As organisations strive to protect their digital ecosystems, the challenge isn’t just collecting data—it’s turning that data into actionable strategies that drive meaningful change. Next week, we’ll unveil the 16th edition of Veracode’s flagship State of Software Security (SoSS) report—a cornerstone of the cybersecurity calendar.

A Malicious NPM Package Hides Pulsar .NET Malware Inside PNG Images.

AI-driven fraud attacks spiked by more than 1200% in December 2025, according to a new report by Pindrop Security. Threat actors are using AI to assist in every stage of the attack, from deploying bots to conduct reconnaissance to using deepfakes to trick humans. “According to Pindrop internal data, AI fraud (or non-live fraud) surged 1210% by December 2025,” the researchers write.

Social engineering remained the top initial access vector for cyberattacks in 2025, with increasing assistance from AI tools, according to a report from ThreatDown. The researchers warn that AI will likely become a core component of social engineering attacks throughout 2026. “Deepfake voice, image, and video impersonation now requires minimal expertise and only a handful of reference images or seconds of audio,” the researchers write.

Digital sovereignty is not a talking point anymore. It is a real technical requirement. Governments, telcos, and regulated enterprises are building sovereign clouds on OpenStack to keep data under their jurisdiction. But what about the backups? If your sovereign cloud data protection solution uses a proprietary format, you have traded one lock-in for another.

With an ever-increasing demand for additional security from today’s technology platforms, Microsoft is implementing several new measures to build a more robust ecosystem by default.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! The comments are particularly interesting too!

So you’ve got a groundbreaking product that has outstanding market fit. Your prospects love it and are raring to buy. Amazing. But before they can hit approve on the order, they need to make sure you’re SOC 2 or ISO 27001 compliant because their compliance officer won’t let them work with any vendor that hasn’t passed their audit. This is the joy of selling to regulated customers — which today, let’s be honest, is almost everyone.

At some point, something bad always happens. Incidents like NHI sprawl and data ownership are always preventable. A supply chain attack finds its way either through upstream infiltration or downstream delivery. However, despite being aware of this, the problem persists. 54% of large organizations see supply chain challenges as a barrier to cyber resilience. There is complexity and interdependency among different systems, software, and teams that require access to one another.

The era of secrets living in fixed systems and accessed through a handful of workflows is long gone. Modern development is faster, more automated, and increasingly AI-assisted. Developers need access to secrets everywhere their code runs – across CI/CD pipelines, local environments, and AI-driven workflows.