Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mitigating Attacks Before They Impact Infrastructure: Link11 provides next generation network DDoS protection

Link11, a leading European provider of cloud-based cybersecurity solutions, today announced the launch of its completely rebuilt Layer 3/4 DDoS mitigation solution, designed to address the growing complexity of modern network attacks. Today's DDoS attacks are not just simple volume or protocol attacks anymore. They can originate from compromised devices within trusted and legitimate networks, mimic real traffic, and appear in short, high-intensity bursts that leave little time for manual response.

Why Your Asset Counts Are Wrong (And What to Do About It)

If you've ever pulled an asset count from one tool and compared it to another, you've probably noticed they don't match. The discrepancy isn’t minor, either. The difference is likely to be substantial. One scanner says you have 4,200 assets. Your CMDB says 3,800. Your cloud inventory says 1,100. None of them agree, and none of them are right. That's not a data hygiene problem you can solve with a spreadsheet cleanup.

RBAC implementation: building effective role-based access control

Most organizations already run something they call role-based access control, yet permissions keep accumulating through ad hoc approvals and unreversed role transfers. RBAC holds up only when roles are designed from business functions and least privilege, validated against effective access first, and maintained through governance tied to HR-driven lifecycle events. Without that discipline, the model drifts back into access sprawl.

What is CEN/TS 18099? A guide to the injection attack detection standard

For years, the dominant threat against remote identity verification was the presentation attack: someone holding a printed photo up to a camera, wearing a mask, or playing a pre-recorded video on a phone screen. The industry responded with increasingly sophisticated anti-spoofing technology and vision-based detection models, and the standards to test their effectiveness followed. But many of today’s most sophisticated fraudsters don’t bother with the camera at all.

AI Just Shrank the Time Hackers Need to Weaponize Your Vulnerabilities

The Five Eyes intelligence alliance—NSA, CISA, GCHQ, Australia's ASD, Canada's Cyber Centre, and New Zealand's GCSB—just issued a joint warning: AI has compressed the window between vulnerability discovery and exploitation from years to months. Adrian breaks down what the "AI Shift in Cyber Risk" statement actually means for patching timelines and attacker sophistication—and why most organizations aren't moving fast enough to keep up.

Ep. 65 - "Months, Not Years": The Five Eyes AI Warning and Your Security Program

On June 22, 2026, the heads of all six Five Eyes cyber agencies—GCHQ, CISA, the NSA, ASD, the Canadian Centre, and New Zealand's GCSB—signed a rare joint statement: AI has rewritten the cyber risk timeline, and it's months, not years. Host Tova Dvorin and offensive security expert Adrian Culley unpack why AI is collapsing the window between vulnerability and exploit, why "having controls" isn't the same as proven controls, and why legacy systems are now strategic liabilities for the board, not the IT team. A clear-eyed look at validation, assumed breach, and what CISOs should do Monday morning.

Alex Stamos has 23 minutes to stop an AI chatbot leaking data (Live Tabletop Exercise)

What does a security leader actually do when an AI chatbot starts confidently revealing customer data that was never supposed to see the light of day? Alex has spent his career at the intersection of security and the hardest problems in tech—Chief Security Officer at Yahoo, Facebook, and SentinelOne, founder of the Stanford Internet Observatory, and now Chief Product Officer at Corridor, a startup focused on the security and safety of AI coding agents. If anyone knows what it looks like when AI ships faster than security can keep up, it’s him.

Episode 2: Least privilege access

In this episode, we'll walk you through one of the core tenets of PAM360: eliminating standing privileges. You will learn how to replace permanent administrative access with just-in-time (JIT) privilege elevation, reduce your attack surface, and enforce least-privilege access across your endpoints and critical systems. We will also break down PAM360's privilege elevation framework—built on a maker-checker model and policy-based access—so you can configure and scrutinize access requests, automate approvals, and enable dynamic controls for applications and user actions.

Optimize Microsoft Entra ID Conditional Access | Reach Security

Which of your users can reach a sensitive app without ever hitting MFA? Most security teams can't answer that with confidence. Microsoft Entra ID and Conditional Access is powerful. But exclusions stack up, MFA coverage drifts, and risk-based protections go unused. This creates openings for fast-moving AI-powered attackers. Reach continuously validates your controls against your security intent, closes the gaps, and proves the risk reduction.