Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Since the launch of the Vanta AI Agent, teams using the Vanta AI Agent are saving an average of four hours a week—time they can reinvest in building, shipping, and scaling securely. ‍ According to a recent Vanta customer survey, 91% of Vanta AI Agent users say it’s improved their audit readiness, and 86% report faster audit preparation overall. Teams had less manual work, fewer last-minute scrambles, and more time to focus on meaningful security improvements. ‍ ‍ ‍

The rising threat of cybercrime, projected to reach an astonishing $13.82 trillion by 2028, is largely attributed to the expanding attack surface. This signals that organizations are more vulnerable than ever. Assuming your organization is safe, without ongoing visibility is dangerous. That’s because every digital asset poses a threat, whether a new tool or forgotten assets. Security and Operations Center (SOC) teams require real-time insight, which is why attack surface monitoring is crucial.

When alerts flood in at 2 a.m., your team shouldn't have to guess whether it's a critical failure or another false alarm. That uncertainty is what causes alert fatigue, a systematic problem that leads to slower response times, team burnout, and missed incidents. Fortunately, there's a solution: By replacing noisy, traditional methods with smart alert management, you can turn a flood of alerts into a stream of actionable insight.

The importance of cyber resilience is very real and growing due to an accelerating threat landscape for manufacturers that shows no signs of slowing down. The SANS Institute’s 2025 State of ICS/OT Cybersecurity Survey reveals troubling trends that should reshape how manufacturers think about operational security.

LLMs, agents and retrieval‑augmented models are increasingly being adopted for product analytics, customer support and decision‑making workflows. With that scale comes exposure: AI privacy and security incidents incidents involving customer PII are more common than ever and becoming a compliance issue. Let’s look at the statistics: These underscore the importance of robust guardrails and why relying on privacy tools with mediocre recall is a gamble.

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” the researchers write.

Following its launch in 2024, Gartner has now published the second Magic Quadrant for Email Security —and KnowBe4 is delighted to once again be named a Leader! Email security is critical for all organizations globally. Fueled by factors such as GenAI and crime-as-a-service toolkits, the phishing threat landscape continues to become more sophisticated at an alarming pace.

Montreal's recent community event revealed how feature flags, observability, and lifecycle discipline help teams manage complexity without compromising security or stability.

Artificial Intelligence (AI) is transforming software development with agentic coding tools like GitHub Copilot and Cursor, leading the charge. These tools use AI to assist developers in writing code, automate repetitive tasks, and expedite the development process.

On December 3, 2025, coordinated disclosures revealed that multiple releases of React 19 and Next.js contain a critical flaw in the React Server Components (RSC) “Flight” protocol, allowing unauthenticated remote code execution (RCE). The vulnerability originates from unsafe deserialization of attacker-controlled data in server-side RSC payload handling.