Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identity theft is no longer just a problem affecting individual users – it’s a serious business threat. When companies lack a comprehensive, centralized security strategy, they remain exposed to identity-based attacks. Add to this the challenge of protecting both personal and corporate data in hybrid or remote work environments, and the risk becomes even more difficult to manage. According to the U.S.

It started with a sudden alteration in chemical levels in the water treatment system. When a threat actor adjusted the level of sodium hydroxide to more than 100 times its normal amount, millions were at risk of being poisoned. Luckily, it was stopped in time. This is not fiction. It is one of several real incidents already published in 2021. Since then, more incidents have been identified, targeting critical water facilities and other OT infrastructure.

The recent publication of Gartner’s Market Guide For Third-Party Risk Management Technology Solutions (1) is especially timely as the percentage of cyber breaches involving third parties doubled over the past year to 30% according to Verizon’s 2025 Data Breach Investigations Report.

Modern IT is innately complex, which leads to matching complexity in the security environment and indeed for managing privileged accounts. Companies rely on multi-cloud and hybrid cloud deployments to get more flexibility and to enhance resilience. But the flipside of a distributed, decentralized IT approach is a variety of security models across platforms. That creates a broad attack surface, and a complex web of privileged accounts.

Phishing site takedowns do serve a purpose-they help remove websites that impersonate trusted brands and pose real risks to your customers. The problem is timing. These takedowns often arrive too late, after users have already been tricked into handing over their credentials or personal information. Too often, phishing campaigns are only discovered once the damage is done.

When most people think of cybersecurity breaches, they imagine hackers cracking passwords or exploiting vulnerabilities. In reality, the weakest link in any security program is often the human element.

Domain Name System (DNS) is a critical Internet service. DNS simplifies the process of finding Internet resources by resolving user-friendly domain names, such as splunk.com, into machine-readable IP addresses like 192.168.1.1. Many sophisticated cyberattacks rely on DNS activities. Let’s review the risks DNS services face and what organizations can do to guard against DNS attacks. We’ll cover the following critical DNS security topics.

The OWASP Top 10 is a security research project that outlines the ten most critical security risks to web applications. Published by the Open Worldwide Application Security Project (OWASP), it serves as a widely recognized benchmark for web application security. The list is compiled from data gathered by security experts and organizations worldwide, based on the prevalence, detectability, and impact of various vulnerabilities.

Network Detection and Response (NDR) has emerged as a must-have capability of modern security operations (SecOps). NDR provides deep visibility, detection of advanced threats that evade other security tools, and rapid response capabilities to address the SecOps challenges of incomplete visibility, detection gaps, high SIEM and storage costs, and tool sprawl that impact accuracy, speed, and efficiency.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! All hail our bot overlords.