Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Mobile devices have become one of the most dynamic, and most exposed, parts of the modern attack surface. They access sensitive data, connect to untrusted networks, and rely heavily on third-party applications. Yet in many organizations, mobile security still lags behind traditional endpoint protection. Mobile device management (MDM) solutions help enforce configuration and compliance, but they were never designed to detect and respond to modern threats.

The goalkeeper is the only player on the pitch whose mistake immediately costs a goal. No recovery time. No second chance. That’s what makes credential security different from every other control. When it fails, the game is already over. Every other layer in your stack has someone behind it. Endpoint controls, network segmentation, privilege management, and policy enforcement are all players doing a job, each one backed up by another. Credentials aren’t like that. They sit behind all of it.

This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.

Adversaries are evolving faster than defenders can respond, and they're weaponizing AI to accelerate their attacks. We’ve seen “living-off-the-land”, lateral movement, and the abuse of legitimate administrator tools enable hackers to hide in plain sight, diluting the effectiveness of traditional detection methods. Meanwhile, defenders are nervously trying to keep up with the accelerating pace of AI-empowered threats hitting them at machine speed.

npm shipped a new protection this week for its most depended-on accounts. When npm detects a sensitive action on a high-impact account, like an email swap or the use of a 2FA recovery code, it puts that account into a 72-hour read-only state and sends an alert to the previous email address. The package installs and downloads keep working as normal during this time, and the freeze lifts automatically at the end of the waiting period.

If you’re running Windows in your environment, WinRM is one of the most valuable, and most abused channels in your infrastructure. Graylog provides a purpose-built way to make those logs immediately actionable. The Microsoft WinRM Content Pack, available with an Illuminate license and Graylog Enterprise or Graylog Security, delivers ready-to-use parsing rules, streams, GIM categorization, and a dashboard so you can turn raw WinRM operational events into structured, searchable security intelligence.

AI assistants are repeating a common Git mistake: committing fixes that remove secrets only from the latest code, not from repository history. GitGuardian AI Skills can help.

In managed security, failures rarely happen because of a lack of technology. They happen because of friction, small operational bottlenecks that slow down detection, skew prioritization, or delay incident response. That friction is silent, but deadly. More than any single tool, it determines an MSP’s actual capacity to protect its clients at scale. So, the real question isn't whether you have enough visibility. It’s: Where are your operations failing without you even realizing?

You've built rigorous identity verification flows. You're running liveness detection, document checks, and behavioral analysis. And when users make it through, you rightfully clear them as trusted. But when users aren’t in a verification flow, you lose insight into the device, network, and behavioral signals that could flag a major risk. Sentinel extends passive signal collection to any moment in the user's life cycle.