Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Hazy Hawk uses DNS records to target domains, a new malware campaign delivers fileless Remcos RAT, and threat actors combine AES encryption and malicious npm packages in a novel phishing attack.

The complex nature of the U.S. CLOUD Act (CLOUD Act) presents far-reaching implications for global data governance. In this article, we explore how this pivotal legislation is reshaping compliance requirements, transforming privacy frameworks and challenging traditional concepts of data sovereignty, as well as strategies and technologies to ensure compliance.

Standing on stage at Microsoft Build, surrounded by innovators shaping the future in the era of AI Agents, I felt equal parts inspired and responsible. Inspired by the rapid momentum around AI, and responsible for raising a flag about something we don’t talk about enough - how we secure the very systems that are now acting on our behalf. This post isn’t a recap, rather a continuation, a chance to go deeper into the story I shared (and the one we’re still writing.)

With remote work, hybrid IT environments, and AI-enhanced automation on the rise, insider threats remain among the most damaging and difficult-to-detect risks in cybersecurity. Identifying malicious insider activity may take weeks or even months despite the many efforts companies put into building cybersecurity threat detection systems. You can increase your chances of uncovering malicious activity by studying insider threat techniques and applying diverse detection methods.

In this episode of Security Matters, host David Puner welcomes Kevin Bocek, CyberArk SVP of Innovation, for an insightful discussion on the critical role of machine identity in modern cybersecurity. As digital environments become increasingly complex, securing machine identities has never been more crucial.