Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Every day, thousands of developers unknowingly leave the keys to their company’s lying around… in code. It sounds crazy, right? But it happens more often than you think. A single hardcoded AWS access key, an overlooked database password, or an exposed API token on GitHub can be all it takes. And the result? Multi-million-dollar breaches, lost customer trust, and a brand reputation that takes years to rebuild. Hackers don’t need to break in when you leave the door wide open.

The CrowdStrike Falcon platform has once again delivered a perfect score in the SE Labs October 2025 Enterprise Advanced Security (EDR) Ransomware test: 100% detection accuracy, 100% protection accuracy, 100% legitimate accuracy, and 100% total accuracy — with zero false positives.

CrowdStrike has been recognized as a Customers’ Choice in the 2026 Gartner Peer Insights Voice of the Customer for Application Security Posture Management (ASPM) Tools report, a distinction based entirely on reviews from verified users. CrowdStrike received the top customer ratings across product capabilities and highest rating for deployment experience of all the vendors evaluated.

We’re excited to share new updates and enhancements for January, including: For more info on these updates, check out the list below and dive into the detailed articles. Please join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

In cybersecurity, speed is not a luxury. It is the difference between interruption and impact.

A phishing campaign is abusing LinkedIn private messages to target executives and IT workers, according to researchers at ReliaQuest. The messages attempt to trick victims into opening an archive file, which will install a legitimate pentesting tool. “A critical element of this attack was the use of a legitimate, open-source Python script designed for pen-testing,” ReliaQuest says.

Financial services firms handling payment card data just ran out of runway. As of March 31, '25, PCI-DSS 4.0 compliance is mandatory. The 64 new requirements that organizations could previously treat as best practices are now enforceable, and auditors are scrutinizing every control. According to Verizon’s 2024 Payment Security Report, only 14.3% of organizations achieved full PCI-DSS compliance during interim assessments. That means most firms are closing gaps while managing day-to-day operations.

When WorldLeaks claimed to have exfiltrated 1.4TB of Nike's corporate data—188,347 files containing everything from product designs to manufacturing workflows—the incident revealed something more significant than another headline-grabbing breach. It exposed a fundamental gap in how organizations approach data loss prevention. The breach reportedly included technical packs, bills of materials, factory audits, strategic presentations, and six years of R&D archives.

The exfiltration problem has evolved beyond what traditional DLP was designed to solve. Your employees work across personal AI assistants, multiple browsers, dozens of SaaS applications, and offline environments. They collaborate through Git, communicate via email clients, and store data on external drives. Each interaction represents a potential data loss vector—and legacy solutions can't see most of them.

A critical vulnerability (CVE-2025-40551) has been identified in SolarWinds Web Help Desk, a widely used IT service management platform deployed across enterprise and public sector environments to manage support tickets, assets, and internal workflows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the underlying host system.