Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June Release Rollup: Building Code Analyst, AI Assistant, and More

June's release brings a range of updates across Egnyte's platform, with the most notable addition being the Building Code Analyst, an AI-powered tool that helps AEC teams quickly surface relevant code requirements across jurisdictions. The release also includes Adaptive Block Caching (now generally available), expanded AI Assistant capabilities like agent mode and multi-file spreadsheet analysis, and several mobile improvements across iOS and Android.

CISO Executive Briefing: This Week's Threats, Priorities, Foresight & Execution

Cyber risk remains at an elevated baseline. Ransomware holds at “new normal” highs, state actors exploit supply chains and zero-days, and AI accelerates attacks. Last week’s signals confirm active exploitation of known vulnerabilities and credential/ICS exposure. Winning CISOs reduce attack surface at first principles, assume breach, and enforce continuous validation with measurable business outcomes.

Why Your Asset Counts Are Wrong (And What to Do About It)

If you've ever pulled an asset count from one tool and compared it to another, you've probably noticed they don't match. The discrepancy isn’t minor, either. The difference is likely to be substantial. One scanner says you have 4,200 assets. Your CMDB says 3,800. Your cloud inventory says 1,100. None of them agree, and none of them are right. That's not a data hygiene problem you can solve with a spreadsheet cleanup.

RBAC implementation: building effective role-based access control

Most organizations already run something they call role-based access control, yet permissions keep accumulating through ad hoc approvals and unreversed role transfers. RBAC holds up only when roles are designed from business functions and least privilege, validated against effective access first, and maintained through governance tied to HR-driven lifecycle events. Without that discipline, the model drifts back into access sprawl.

What is CEN/TS 18099? A guide to the injection attack detection standard

For years, the dominant threat against remote identity verification was the presentation attack: someone holding a printed photo up to a camera, wearing a mask, or playing a pre-recorded video on a phone screen. The industry responded with increasingly sophisticated anti-spoofing technology and vision-based detection models, and the standards to test their effectiveness followed. But many of today’s most sophisticated fraudsters don’t bother with the camera at all.

AI Just Shrank the Time Hackers Need to Weaponize Your Vulnerabilities

The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.

Ep. 65 - "Months, Not Years": The Five Eyes AI Warning and Your Security Program

On June 22, 2026, the heads of all six Five Eyes cyber agencies—GCHQ, CISA, the NSA, ASD, the Canadian Centre, and New Zealand's GCSB—signed a rare joint statement: AI has rewritten the cyber risk timeline, and it's months, not years. Host Tova Dvorin and offensive security expert Adrian Culley unpack why AI is collapsing the window between vulnerability and exploit, why "having controls" isn't the same as proven controls, and why legacy systems are now strategic liabilities for the board, not the IT team. A clear-eyed look at validation, assumed breach, and what CISOs should do Monday morning.

Alex Stamos has 23 minutes to stop an AI chatbot leaking data (Live Tabletop Exercise)

What does a security leader actually do when an AI chatbot starts confidently revealing customer data that was never supposed to see the light of day? Alex has spent his career at the intersection of security and the hardest problems in tech—Chief Security Officer at Yahoo, Facebook, and SentinelOne, founder of the Stanford Internet Observatory, and now Chief Product Officer at Corridor, a startup focused on the security and safety of AI coding agents. If anyone knows what it looks like when AI ships faster than security can keep up, it’s him.

Episode 2: Least privilege access

In this episode, we'll walk you through one of the core tenets of PAM360: eliminating standing privileges. You will learn how to replace permanent administrative access with just-in-time (JIT) privilege elevation, reduce your attack surface, and enforce least-privilege access across your endpoints and critical systems. We will also break down PAM360's privilege elevation framework—built on a maker-checker model and policy-based access—so you can configure and scrutinize access requests, automate approvals, and enable dynamic controls for applications and user actions.