Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Companies that need to comply with CMMC to earn their governmental contracts have a lot of work ahead of them. Securing their systems against intrusion and protecting data from breaches, malicious actors, and snooping is all part and parcel of the program. One aspect of information security that can be distressingly easy to overlook is disposal.

As the foremost email storage and communications platform, Gmail’s free web-based services have penetrated every market and niche. Billions of people and organized groups depend on the company to provide email storage, organization, and integration. Considering its core importance within almost everyone’s life, there is a high anticipation that its security measures are of the highest caliber. Unfortunately, the corporation was recently the victim of a data breach.

It wasn’t long ago that we uncovered compromised extensions on Open VSX. Now, a new wave of attacks is emerging, and all signs point to the same threat actor. The technique will sound familiar: hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters. We first saw this trick back in March when npm packages used PUAs to conceal payloads. Then came Open VSX. Now, the attacker seems to have turned their sights on GitHub, and their methods are evolving.

Public sector organizations face sophisticated, persistent threats — 38% of public sector organizations say their cyber resilience is insufficient compared to 10% of medium to large private businesses. With sensitive data and critical infrastructure at stake, agencies need tools that enable proactive detection and rapid investigation, all while keeping data inside a secure boundary.

We’re excited to share new updates and enhancements for October, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

The rapid scale of AI development and deployment has introduced a number of unprecedented privacy and compliance challenges for enterprises. IT and compliance teams are looking for solutions that address these concerns without affecting AI adoption. Tokenization has for long been the solution for protecting sensitive data. However, to implement it correctly, it is critical to understand which type fits best – both protect PII but differently.

Organizations running containerized environments face complex security challenges as they scale Kubernetes and adopt dynamic, ephemeral infrastructure. Traditional security tools often miss activity inside containers, making it difficult to detect policy violations or threats at runtime. Falco is a runtime security monitoring tool for containerized infrastructure.

AI agents are moving into the enterprise at full speed. They’re writing code, running analyses, managing workflows, and increasingly shouldering responsibilities once trusted to humans. The opportunity is enormous, but so is the risk. Over-reliance, over-trust, and a lack of guardrails create dangerous fragility. When things go wrong—and they will—enterprises can face three inevitable “panic” moments: unmistakable signs of AI agent failures.