Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How State Governments Can Navigate the Resource Crunch and Achieve Resiliency

The 2026 NASCIO-Deloitte Cybersecurity Study reveals a stark reality for CISOs in state governments: while cyber threats are growing in both sophistication and volume, the resources available to combat them are failing to keep pace. As foreign adversaries and cybercriminals weaponize AI to probe for vulnerabilities, state CISOs find themselves at a critical juncture, navigating expanding responsibilities amidst tightening budgets.

What's New in New-Scale July 2026: AI Agents Need More Than Guardrails

Exabeam expands Behavior Intelligence to address risks introduced by agentic AI. This release introduces open-source projects for agent verification and telemetry, expanded AI observability with Anthropic Claude support, more than 50 new Agent Behavior Analytics (ABA) detections (bringing total to 90), Exabeam Nova Content Creator, and OWASP Agentic Top 10 coverage scoring in Outcomes Navigator, enabling teams to continuously verify, observe, analyze, and improve AI agent security.

LogRhythm SIEM July 2026 Release: Accelerating Investigations and Expanding Visibility

The LogRhythm SIEM July 2026 release adds new investigation workflow features, expands automation for administration and archiving, and broadens telemetry coverage across cloud, identity, collaboration, endpoint, and email environments. Organizations running on-premises and hybrid environments often need tight control over data to meet sovereignty and operational requirements.

Why Low-And-Slow Attacks Look Normal

Low and slow attacks look normal because they are intentionally distributed into small, permissible actions that avoid detection thresholds. Each step appears legitimate on its own, which prevents detection systems from recognizing the overall progression. The issue is not that security teams lack telemetry. The issue is that traditional detection often evaluates activity in fragments. When each action stays below a rule or threshold, the broader pattern can remain invisible.

DuneSlide: Two Critical RCE vulnerabilities via Zero-Click Prompt Injection in Cursor IDE

Cato AI Labs has discovered two critical remote code execution (RCE) vulnerabilities in Cursor IDE, the popular development environment which, according to Cursor, is used by over half of the Fortune 500. Both RCE vulnerabilities, which we refer to as “DuneSlide,” achieved a 9.8 CVSS score, and involve breaking out of the IDE’s sandbox environment and were assigned CVE IDs CVE-2026-50548 and CVE-2026-50549.

And another one. GitHub ships break-glass credential revocation

Last week, GitHub released self-service credential revocation for Enterprise. The feature lets organization owners cut off compromised credentials across the entire organization in one action instead of trying to track down individual tokens during an active incident. This fix was a long time coming, as the past few months have shown what happens when revocation is slow or incomplete.

From ISDN to AI - Two Veterans on How Defence in Depth Has Changed

Defence in depth has evolved every time the technology landscape has shifted. The internet, virtualisation, cloud, SaaS. AI is the next shift, and the old model isn't keeping up. Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined once again by Martin Voelk, co-founder of SpartanX and an ethical hacker with nearly 26 years in cybersecurity.

Embracing the Benefits of Smart Glasses Safely in the Workplace

We are witnessing a massive shift in how we secure corporate networks. Security operations centers used to be dedicated to protecting static desktop stations, local servers, and company-issued mobile hardware. However, today's spatial computing and edge-based AI have delivered a new, largely unregulated hardware threat directly into the corporate space - face-worn consumer hardware.

RAG vs Fine-Tuning: When to Use Each for Enterprise GenAI Applications

Let's suppose that your business is about to implement GenAI (generative AI). In this case, the conversation inevitably boils down to a dilemma: RAG (Retrieval-Augmented Generation) or Fine-Tuning. At first glance, these appear to be two competing methods for tackling the same problem-getting a base LLM (Large Language Model) to speak your company's language.

Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era

Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every marketing vendor a company approves can silently introduce third and fourth-party scripts that no security team ever reviewed. In the AI era, that invisible layer is expanding faster than point-in-time audits can track. The gap between what an organization approves and what actually executes on its site is where data leakage, regulatory exposure, and compliance failures happen.