
Toptal GitHub Breach Exposes Critical Gaps in Open-Source Security

In a stark reminder of the increasing risk to software supply chains, freelance talent platform Toptal is the latest high-profile organization impacted by a compromise of a GitHub account that led to the deployment of malicious npm packages with the capability to wipe developer machines and steal passwords. The breach, first disclosed last week, has shocked the developer community and exposed serious flaws in repository security, disclosure practices, and package ecosystem hygiene.

AURA Stealer: A Crude Clone of LummaC2 - Technical Analysis and Threat Breakdown

AURA Stealer is a newly emerging information-stealing malware that presents itself as a streamlined alternative to more established stealer families such as LummaC2. Marketed as a carefully engineered solution, AURA is positioned by its developers as purpose-built for efficiency and results—eschewing unnecessary complexity in favor of a focused and modular design.

Cyber Incident Response in 2025: A Modernized 7-Phase Guide

As cyber threats continue to grow in complexity and frequency, organizations must evolve their response strategies. The year 2025 demands a modern, proactive, and layered approach to dealing with cyber incidents. Whether it’s a ransomware attack, data breach, or insider threat, cyber incident response in 2025 must focus on preparation, swift action, and continuous learning.

From Asset Profile to Response: How Fidelis Accelerates MTTR

In cybersecurity, time isn’t just money, it’s everything. The longer it takes to detect and respond to an incident, the greater the damage to data, operations, and brand reputation. That’s why organizations today are laser-focused on reducing MTTR (Mean Time to Respond). But here’s the catch: you can’t respond to threats you don’t fully understand. And you can’t understand threats without first understanding your assets.

Identity Is NOT the New Perimeter, Context Is (Just Ask Security Vendors)

“Identity is the new perimeter” had its moment. But as cloud-native environments and distributed teams become the norm, this mantra is starting to show its age. The risks tied to static, identity-based access are now too big to ignore, and no one sees that more clearly than security vendors themselves.

8 Identity & Access Management (IAM) Best Practices to Implement Today

You can’t secure what you don’t manage. Mismanaged access is an open invitation for breaches. Overprivileged users and a surge in non-human identities (like service accounts and API keys) are quietly expanding your organization’s attack surface. Yet many still rely on outdated, manual IAM practices that can’t keep up with modern infrastructure. It’s not just a theory—38% of breaches trace back to stolen credentials.

Introducing Splunk 10: Empowering a Secure and Compliant Future

Splunk is pleased to announce the general availability of Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0, the most secure, stable, and modernized platform for a digitally resilient, compliance-ready future. The Splunk 10 platform is the next evolution of data security. With the latest cryptographic models and more performant data pipeline management, Splunk 10 delivers continued momentum in search & indexing, dashboard visualization, and ease of compliance administration.

What SASE Got Right and What It Missed: Architecture and Implementation Matters

SASE has transformed how organizations approach secure networking, uniting security and connectivity into a single, cloud-delivered model. As one of the original architects of SASE (along with Neil MacDonald), I was invited at ONUG Dallas to reflect on the state of SASE and what we might have missed in our original research.