Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Let’s look at something many teams quietly struggle with. Detecting PII inside unstructured text. It feels like it should be simple. After all, we’ve used regular expressions for years to find emails, phone numbers, and ID formats. Yet when we deploy regex in real environments. ticket systems, chat logs, CRM notes, uploaded documents, support transcripts. something becomes clear very quickly. Regex isn’t enough.

BlueVoyant’s Threat Fusion Cell (TFC) observed a Bookingcom references relate solely to adversary brand impersonation.

Why You Shouldn’t Ignore OS Updates Even for “Small” Bugs In cybersecurity, people often focus on the big, headline-grabbing incidents: ransomware outbreaks, nation-state intrusions, or massive supply chain compromises. But the reality is far simpler: Most breaches begin with something small: a patch that wasn’t applied, a “low-priority” update that got postponed, or a seemingly harmless system bug that attackers quietly weaponized.

In our recent analysis of AI browser exfiltration risks, we exposed how OpenAI's Atlas and Perplexity's Comet create permanent backdoors to sensitive data through persistent memory, autonomous agents, and cross-platform sync. The challenges with AI native browsers strongly resonated with CISO’s and security leaders we speak with on a daily basis. But the threat extends far beyond Atlas and Comet.

On December 3, 2025, immediately following the public disclosure of the critical, maximum-severity React2Shell vulnerability (CVE-2025-55182), the Cloudforce One Threat Intelligence team began monitoring for early signs of exploitation. Within hours, we observed scanning and active exploitation attempts, including traffic originating from infrastructure associated with Asian-nexus threat groups.

I first met Tines co-founders Eoin Hinchy and Thomas Kinsella more than a decade ago at eBay. Even then, we shared the same frustration: too much important work was slowed down by brittle processes, manual handoffs, and disconnected tools. We all believed technology should help people focus on meaningful work, not slow them down in muckwork. That idea has shaped my career ever since. I started out in security operations, using automation to make my own job easier.

Let’s be honest: if your SOC is drowning in noise, you’re not “doing security.” You’re babysitting tools that cry wolf. And the wolves? They’re doing just fine. Every vendor claims their AI magically cuts false positives. Most don’t. Why?