Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The next chapter of identity security begins with privilege

Privileged access management (PAM) was once thought of in simple terms: secure the credentials of a handful of administrators managing on-premises systems. Vault the passwords, rotate them regularly, and record every privileged session. It worked for a world with clear boundaries and predictable users. That world is now a museum piece. But here’s the shift: It’s not that PAM has changed. The very definition of privilege has evolved.

Racing and Fuzzing HTTP/3: Open-sourcing QuicDraw(H3)

This blog post provides a dive into HTTP/3’s evolution for security engineers, an overview of our research journey, and what led us to develop the open-source tool QuicDraw, which can be used for fuzzing and racing HTTP/3 applications. QuicDraw implements “Quic-Fin-Sync,” our implementation of the last-byte-sync with the single packet attack on HTTP/3. We conclude by evaluating QuicDraw’s performance against a real-world target and comparing its results to other tools.

Why access management needs a challenger mindset

Cybersecurity never stands still. Every login, session, and connection shifts the balance between freedom and control. Effective access management today isn’t about restriction—it’s about enabling trust at the speed of innovation. Modern enterprises achieve this by evolving their controls to be seamless, adaptive, and invisible to the user.

How AI is reshaping identity governance for CISOs and CIOs

2025 has been a defining year for identity security, marked by a rapid increase in the volume, variety, and velocity of identities that organizations must now govern. The changes have been building for a long time, as identity tools have evolved from early single sign-on solutions and compliance-driven governance to the cloud-first, AI-powered world we live in now, which must enable employees with the access they need at lightning speed while maintaining security.

EP 19 - Trust under attack: Spies, lies, and the new face of cybercrime

Eric O’Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today’s sophisticated cyber threats. Drawing on O’Neill’s experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead.

Cloud access simplified, secured, and just a request away

CyberArk introduces Access Requests for Secure Cloud Access: Secure, seamless user experience for requestors and approvers alike. Securing and requesting access to multiple clouds can feel like navigating through a maze of approvals and endless tool-switching. In an ideal world, access requests would provide users with frictionless, just-in-time access across AWS, Azure, and Google Cloud from within their existing platform.

Automating compliance: Why identity security needs a data-driven tune-up

When I started my career on the trade floor of a Canadian bank, I quickly learned what it meant to work in a fast-paced, highly regulated environment. Every identity had to be secured, justified and auditable. Later, when I moved to the security engineering team, I saw firsthand how compliance could consume entire teams. We weren’t just protecting accounts; we were constantly running manual processes to prove that the right controls were in place.

Welcome to Agentic Park: What chaos theory teaches us about AI security

The first time it happened, nobody noticed. An automation reconciled a ledger, logged its success, and shut itself down. The token that made it possible looked harmless. Tidy, legacy, supposedly scoped “just enough.” But a week later, refunds ghosted, dashboards blinked, and audit logs told three different versions of the truth. And that token? Not a token at all. More like a Fabergé raptor egg sitting in a server room. Not decoration. Incubation. Of chaos.