Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations – JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and how JFrog Platform capabilities can help you streamline the certification process.

Everyone’s trying to make AI agents do useful things. That’s why the Model Context Protocol (MCP) is gaining momentum with teams operationalizing LLMs across their infrastructure and tooling. Backed by teams like OpenAI and Google, MCP gives a consistent, standardized way to connect LLMs with the rest of your stack. In other words, the MCP Protocol makes connecting AI tools with real business data and workflows easier using structured access instead of janky UI hacks and glued-on custom code.

The BBC recently reported on Safeguarding Minister Jess Phillips' acknowledgement that the DASH (Domestic Abuse, Stalking, Harassment and Honour-Based Violence) risk assessment tool “doesn’t work” in reliably identifying high-risk cases. Since 2009, the DASH has been the most widely used screening tool across police, healthcare, social workers and victims services.

At Tanium, trust and transparency are among our guiding principles. We are committed to keeping you informed about important updates regarding your information.

In today’s fast-moving world of cloud-native development and CI/CD pipelines, code flows from commit to production faster than ever. And with that speed comes risk. That’s why code scanning in SCM (Source Code Management) has become a critical part of modern DevSecOps. Veracode’s new SCM Integration makes it easy to secure applications from the very first commit, directly within the SCM, without disrupting developer workflows.

Ransomware distributors are bad enough, but there should be a special place in the dark web's basement that only offers ISDN connections and no Wi-Fi, reserved for those groups that insist their attack was a benign cybersecurity service or those who only attack entities that they say deserve to be struck. At least based on their logic.

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to researchers at ANYRUN. The phishing attacks are delivered via email and primarily attempt to steal Microsoft 365 credentials. Like many popular commodity phishing kits, Salty 2FA is designed to bypass a variety of multifactor authentication measures.

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after. “Among the most in-demand skills is English-speaking social engineering, with job posts more than doubling from 2024 to 2025,” the researchers write.

This is a follow up to the blog Cybersecurity as a Business Enabler about the shifting cybersecurity from a cost center to a value driver. If you are a C-level executive looking to transform how your organization approaches cybersecurity, here is how to shift the mindset from viewing security as just another cost center to recognizing it as a true value driver.

In August 2025, a joint Cybersecurity Advisory (CSA) was issued by CISA, NSA, FBI, and allied cybersecurity agencies across the Five Eyes, EU, and partner nations. This advisory details a long-term espionage campaign by People’s Republic of China (PRC) state-sponsored actors—linked to companies supporting the Ministry of State Security (MSS) and People’s Liberation Army (PLA).