Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Alex Stamos has 23 minutes to stop an AI chatbot leaking data (Live Tabletop Exercise)

What does a security leader actually do when an AI chatbot starts confidently revealing customer data that was never supposed to see the light of day? Alex has spent his career at the intersection of security and the hardest problems in tech—Chief Security Officer at Yahoo, Facebook, and SentinelOne, founder of the Stanford Internet Observatory, and now Chief Product Officer at Corridor, a startup focused on the security and safety of AI coding agents. If anyone knows what it looks like when AI ships faster than security can keep up, it’s him.

Episode 2: Least privilege access

In this episode, we'll walk you through one of the core tenets of PAM360: eliminating standing privileges. You will learn how to replace permanent administrative access with just-in-time (JIT) privilege elevation, reduce your attack surface, and enforce least-privilege access across your endpoints and critical systems. We will also break down PAM360's privilege elevation framework—built on a maker-checker model and policy-based access—so you can configure and scrutinize access requests, automate approvals, and enable dynamic controls for applications and user actions.

Optimize Microsoft Entra ID Conditional Access | Reach Security

Which of your users can reach a sensitive app without ever hitting MFA? Most security teams can't answer that with confidence. Microsoft Entra ID and Conditional Access is powerful. But exclusions stack up, MFA coverage drifts, and risk-based protections go unused. This creates openings for fast-moving AI-powered attackers. Reach continuously validates your controls against your security intent, closes the gaps, and proves the risk reduction.

Autonomous AI Accelerates Cyberattacks and Shrinks Response Time

The biggest challenge in cybersecurity is no longer just detecting threats. It's doing so before time runs out. Artificial intelligence is no longer confined to automating isolated tasks within an attack. It is enabling threats to operate as continuous systems that can adapt, coordinate, and evolve in real time, drastically reducing the time security teams have to react. This shift is doing more than simply increasing the volume of offensive activity.

How to Meet EU Cyber Resilience Act (CRA) Requirements

In March 2026, attackers from the TeamPCP group compromised Trivy (CVE-2026-33634) — a widely-deployed open-source vulnerability scanner running in thousands of CI/CD pipelines — and turned it into a credential harvester. SSH keys, Kubernetes secrets, cloud tokens — secrets accessible to any pipeline that ran a compromised version — were exposed. The attacker retained access long enough to exfiltrate newly rotated secrets before the window closed.

Emerging Threat: (CVE-2026-55957) Apache Tomcat Authentication Bypass via JNDIRealm GSSAPI Binds

CVE-2026-55957 is a missing critical step in authentication in Apache Tomcat, present when the JNDIRealm is configured to authenticate binds using GSSAPI. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), based on network attack vector, low attack complexity, no privileges required, and no user interaction.

Why You Should Back Up Your Terraform Configuration Code

SUMMARY – If you lose your.tf files, your Infrastructure as Code (IaC) stays up, but becomes entirely unmanaged.– Having a backup saves your team from weeks of manually reverse-engineering code to hit your RTO.– Your automated deployments rely entirely on the IaC—if the code vanishes, your CI/CD instantly stalls.– The Git commit history is the exact proof you need to pass strict audits like NIS2, SOC 2, and ISO 27001.– Setting up a dedicated Terraform backup means you c

How to handle risk management under growing regulatory pressure: Best practices in 2026

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

Runtime Incident Classification: Turning a Noisy Alert List Into a Triage Decision

Here is a scene every security team knows. A reverse shell opens a connection to an external address, pulls a service-account token, and starts moving against your cloud identity. Two rows below it on the same dashboard sits a payload that hit a front-end container and never executed. Both are tagged high severity. Both are competing for the same analyst’s attention at the same moment.