Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The 2025 Annual Cyber Threat Intelligence Report captures the year’s most impactful attack patterns across exploitation-led intrusion, advanced malware (including AI-assisted techniques), and the ongoing evolution of ransomware/RaaS economics.

CrowdStrike has been named a Customers’ Choice in the 2026 Gartner Peer Insights “Voice of the Customer for User Authentication” report. For the second consecutive year, CrowdStrike has the highest volume of verified reviews and more 5-star ratings (129) than any other vendor in the report based on 179 overall responses in the 2026 report.

IIf you’re using AI to generate code, you’re likely moving faster than ever. You’ve probably felt that surge of productivity when a complex logic problem gets solved in seconds or boilerplate code appears instantly. But here is the problem: speed without guardrails creates security debt, and with AI, that debt accumulates at a terrifying rate. Recent data paints a concerning picture.

Exposure management has outgrown visibility. With 67M+ findings per year, the real challenge is execution at scale. The 2026 Exposure Action Report shows that risk clusters in predictable places, most exposure is operational (not novel), and meaningful risk reduction comes from consolidation, prioritization, and disciplined remediation workflows — not adding more tools.

In a content collaboration and governance market that often gets swept up in hype, it’s refreshing when an analyst focuses on what actually works.

Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication. “The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta says.

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).

Security teams are facing an attack surface that changes faster than it can be fully understood. Cloud adoption, Software-as-a-Service sprawl, and continuous delivery cycles have dissolved the traditional perimeter, replacing it with an environment where assets change with little notice. Shadow IT, abandoned infrastructure, expired certificates, and misconfigured services quietly expand exposure, often outside formal ownership.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Not spooky season right? Well, this is a bit odd

Read Post

Teams sprawl is one of the most overlooked security risks in Microsoft 365 environments. When all your employees can create teams on demand, without approval, naming conventions, or expiration policies, the result is hundreds of ungoverned workspaces with no clear ownership, inconsistent naming, and scattered data. That governance gap creates measurable risk.