Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Imagine a sleek, high-tech sports car racing downhill without brakes. Now, imagine that car is actually the AI driving your business. Powerful yet precariously close to catastrophe. That’s why, as we accelerate AI adoption, including AI agents, we can’t afford to overlook security guardrails. This fact was front and center during the recent “large-scale cyberattack” on DeepSeek, a strategic open-source AI player from China that’s been disrupting the global AI space.

As a former black hat hacker, social engineering and phishing concepts are not new to me. I have used these techniques in my previous life, so I know their effectiveness. Having spent years immersed in the intricacies of social engineering, I’m always looking for new twists on this age-old technique.

In today’s threat landscape, you’re at risk if you don’t have all your identities—human and machine—secured with the right level of intelligent privilege controls. And the risk is even more significant when identities and privileges on your mission-critical Linux servers, especially those that run critical workloads or have sensitive data, are managed in silos, separately from the rest of the infrastructure.

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs’ Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity.

There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise—a major security incident. This timing isn’t random. Threat actors target this timing, knowing security teams operate with skeleton crews that impact detection, investigation and response times. It’s a calculated strategy that works reliably, year after year. And now there’s another holiday surprise to add to the list—the recent attack on the U.S. Treasury Department.

In this episode of the Trust Issues podcast, host David Puner dives into the complexities of secrets management with Ritesh Desai, General Manager at AWS Secrets Manager. They discuss the evolving landscape of secrets management, emphasizing the importance of a multi-layered defense strategy as organizations increasingly adopt cloud services, digital transformation and agile development practices.

The rise of generative AI (GenAI) over the past two years has driven a whirlwind of innovation and a massive surge in demand from enterprises worldwide to utilize this transformative technology. However, with this drive for rapid innovation comes increased risks, as the pressure to build quickly often leads to cutting corners around security. Additionally, adversaries are now using GenAI to scale their malicious activities, making attacks more prevalent and potentially more damaging than ever before.

The year 2025 started with a bang, with these cybersecurity stories making headlines in the first few days: As the global threat landscape intensifies, the need for in-depth research and information sharing has never been greater. Our mission at CyberArk Labs is to empower cyber defenders with threat insights that help strengthen their identity security strategies.

In 2025, global cybersecurity trends like the rise of Zero Trust, tightening data privacy and AI regulations and growing concerns over cloud security will only accelerate. Each of these evolving forces will also shift paradigms for the privileged access management (PAM) programs charged with safeguarding IT, cloud ops and third-party vendor users as they perform high-risk operations.