Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Bypassing Tenant Isolation in Microsoft Power Platform: A Security Loophole You Should Know

Microsoft Power Platform, specifically Power Automate and Copilot Studio, makes it easy for organizations to quickly build automations and AI agents. To keep them secure and compliant, Tenant Isolation is a critical feature designed to prevent unauthorized cross-tenant communication. However, in our latest research, we discovered a high-severity vulnerability that bypasses Tenant Isolation policies using the HTTP Connector - potentially exposing sensitive data and enabling unauthorized actions.

DMARC Monitoring Services and Their Benefits

Traditional email authentication mechanisms like SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are great for getting started. They are like the first step to verifying email senders and combatting tampering. However, they don’t solve the entire problem. Attackers may still manipulate the “From” address, evade SPF checks using intermediary servers, or exploit misconfigured DNS (Domain Name System) records.

Agentic AI Security Isn't Just A Technical Problem - It's a Strategic One

If you’ve started exploring how to secure AI agents in your environment (or even just reading about it), you likely already know that it’s not as straightforward as applying traditional AppSec practices. AI agents aren’t just another workload or API to monitor; they’re dynamic, semi-autonomous entities operating at the intersection of user intent, agent behavior, and enterprise systems. And not all AI agents are created equal or secure.

Proactive vs. Reactive Incident Response: Building a Stronger Security Strategy

Think of your organization’s cybersecurity as a combination of a shield and a sword. The shield represents proactive incident response – your first line of defense that anticipates and prevents potential threats. This could include app security tips or best practices for business cybersecurity, which work to prevent incidents before they occur through continuous monitoring, threat hunting, and vulnerability assessments.

Secure API Keys and Passwords with Nightfall's AI-Native DLP

API keys and passwords are the keys to digital kingdoms, granting access to an organization’s most valuable systems and data. Traditional data loss prevention (DLP) systems often fall short in their attempts to protect sensitive data and secrets, leaving security teams overwhelmed with false positives and noise. At Nightfall, we understand these challenges and the evolving threat landscape across SaaS and endpoints.

Strengthening Healthcare Security: Navigating HIPAA's Latest Cybersecurity Requirements

The Department of Health and Human Services (HHS) will be implementing sweeping and crucial updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI). These changes aim to address modern cybersecurity threats and ensure resilience in healthcare data management. In this blog, we will explore the key updates and their implications for healthcare providers and their business associates.

Honoring Dave Täht and his contributions to a better Internet (video calls included)

Dave Täht died this week (August 11, 1965 – April 1, 2025), and Tom Strickx, Principal Network Engineer at Cloudflare, honors his contributions to help build a better Internet. Dave Täht was an American network engineer, musician, lecturer, asteroid exploration advocate, and Internet activist. Without his work, FQ-CoDel wouldn't exist — and low-latency networking, from Wi-Fi to Starlink and video calls, would likely be worse today.