Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BERT ransomware targets Windows and Linux platforms, TGR-CRI-0045 exploits leaked machine keys to access organizations, and XWorm evolves into a modular and evasive remote access trojan.

To address a rising attack vector: client-side JavaScript tampering on payment pages.

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired Trelica earlier this year. Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview.

AI agents are rapidly transforming how software is accessed, operated, and integrated, such as automating workflows, calling APIs, and interacting with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.

Broadcom’s recent announcement to retire the VMware Advantage Partner program has left many organizations questioning their virtualization strategy. As the dust settles on this major industry shift, understanding what these changes mean for your organization and how to navigate them quickly is all important. The transition affects thousands of VMware partners worldwide, but for customers and partners alike, one thing remains clear: the need for reliable, experienced partners has never been greater.

In my previous post, we explored the reasons and methods for safeguarding Microsoft Entra ID data using Veeam Backup & Replication. While having secure, encrypted backups is essential, their value diminishes if you can’t restore them when it matters most. In this post, we’ll dive into the recovery process step by step. If you’ll remember there are a number of object types within Entra ID that can be protected at this time and they are.

Netskope has been named a Leader in the 2025 Gartner Magic QuadrantTM for SASE Platforms. This is the second successive year, and we are now positioned furthest in vision in the Gartner Magic QuadrantTM reports for BOTH SASE Platforms and SSE. That’s what we, at Netskope, call “20/20 Vision.” In this year’s 2025 Critical Capabilities for SASE Platforms report, Gartner defined four key Use Cases.

Microsoft highly recommends enabling MFA on all Entra ID users to protect their environment against potential attackers and avoid getting breached. This can cause a lot of issues and damage for the company from reputation problems to large fines. The latest figures from Microsoft Threat Intelligence research show that more than 99% of attacks are password attacks. Microsoft alone registers 7,000 password attacks per second!

CrowdStrike is proud to be named a Leader and Fast Mover in the 2025 GigaOm Radar for Security Information and Event Management (SIEM). This recognition positions CrowdStrike Falcon Next-Gen SIEM as the core of the AI-native SOC and future of security operations. CrowdStrike earned perfect 5/5 scores in key areas including Attack Surface Coverage, LLM-Based Co-Pilot and Agents, Automation, and Threat Research Units.

On June 25, 2025, Cisco disclosed two critical vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 and CVE-2025-20282, these flaws enable unauthenticated remote attackers to execute arbitrary commands as the root user via exposed HTTPS APIs. CVE-2025-20281 arises from insufficient validation of user-supplied input in a public API, allowing crafted requests to trigger remote code execution.