Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you’ve ever wondered how companies can protect their emails from being hijacked or used for malicious purposes, the answer you’re looking for is DMARC (Domain-based Message Authentication, Reporting, and Conformance). A DMARC record is an auxiliary security configuration that can be a difference-maker in the battle between legitimate senders and threat actors. It serves as a reliable mechanism to deal with rogue emails and stave off spoofing and other email-based threats.

In today’s rapidly changing digital environment, APIs play a crucial role in modern business, facilitating smooth connectivity and data sharing. Yet, this interconnected nature brings significant security and privacy risks, as evidenced by the Federal Trade Commission's (FTC) recent settlement with GoDaddy. This settlement serves as a stark reminder that strong API security is no longer just a good security practice but is now a legal obligation.

The rapid rise of AI-powered applications brings innovation, but also security blind spots. As AI systems become integral to our daily lives, their security must keep pace with their capabilities. This is the focus of our AI Security Testing Series, where we analyze popular AI applications for vulnerabilities that could put users at risk. In our last analysis, we tested Deepseek’s Android app and uncovered critical security flaws.

The weakest link in your infrastructure might just be your permissions. In Kubernetes, permissions exist to protect your cluster, but if you’re not careful, they can become your number one problem. How? A single misconfigured access role in a Kubernetes cluster can open the door to a full-scale security breach. Yes, your network policies and firewalls are in place, but when a bad actor can kubectl delete a namespace from inside your cluster, the real breach point is access control.

Helping you stay secure and productive is why we do what we do at 1Password. Whether it’s managing sensitive information across devices or streamlining your day-to-day workflows, you need to protect what matters most, at home and at work. Every day, your feedback helps us find ways to improve 1Password so we can better fit your needs. And with every release, we aim to bring you more features you’ll love.

Last year, we introduced 1Password SDKs — production-ready, open source libraries for Typescript/JavaScript, Python, and Go — to support secure access to secrets stored in 1Password. Today’s release expands those capabilities to provide full programmatic access to 1Password items, including creating, reading, updating, deleting, listing, and sharing information stored in vaults.

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.