Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most IT teams face the same challenge: threats don’t stop when the workday ends. Alerts come in after hours, resources are stretched thin, and a single missed response can turn into a costly incident. Partners who deliver managed services often feel that pressure even more, balancing multiple customers and security tools while trying to prove value every day.

Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.

The worldwide ransomware landscape saw a dramatic shift in attacks in October 2025, jumping 41% month over month, with the most prolific attacker, Qlin, more than doubling the number of attacks it launched, according to Trustwave, A LevelBlue Company, research. The US remained the primary recipient of ransomware attacks, but October saw manufacturing overtake technology as the most targeted vertical sector.

The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 – a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to developers.

Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). The collective comprises Scattered Spider, ShinyHunters, and LAPSUS$.

Consider that your backup is running smoothly. Your dashboards are green. The DevOps team is sleeping peacefully. And yet, behind the calm surface, something is happening. Your API limits are being chewed up, call by call, until you’re throttled into silence. Suddenly, your system stalls – quietly and invisibly. The irony is, you build a backup system for resilience. Now, it’s the vulnerability. There’s a quiet assumption built into most backup systems.

Organizations in regulated industries must comply with strict guidelines that require continuous security measures and data protection protocols to be in place. Maintaining compliance in trust centers is becoming essential, as these organizations must demonstrate compliance with industry-specific regulations across their business relationships with clients and partners, as well as during audits. Trust centers for compliance metrics as a key framework for regulated companies to show compliance at scale.

In today’s world, software buyers rarely proceed with a vendor relationship without a full understanding of the vendor’s security practices before entering into any type of arrangement. They require certifications, compliance reports, and data handling procedures in advance; consequently, adding security documentation requests, compliance attestation requests, and audit report requests are never-ending burdens on sales teams.

OpenAI’s AgentKit has democratized AI agent development in a big way. Tools like Agent Builder, ChatKit, and the Connector Registry make it possible for teams to spin up autonomous agents without writing custom code. That kind of accessibility changes everything, including the AI agent security threat model. The easier it becomes to build agents, the harder it gets to secure them.

The modern security operations center (SOC) in 2025 is a far cry from the siloed, reactive setups of the past. Twenty years ago, SOCs concentrated on perimeter defense, firewalls, antivirus, and basic IDS. Security analysts manually sifted through logs and alerts, often overwhelmed by false positives. Monitoring of threats was largely confined to on-premises, internal infrastructure. Cloud, mobile, and IoT weren’t yet major concerns.