Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Top 5 M365 Security Gaps MSPs Find in New Customer Tenants

Most MSPs don’t have a security problem because they are missing tools; but because the tools they already have aren’t properly configured. Microsoft 365 includes a wide range of powerful security features designed to protect identities, data, and access. Over time, however, tenant configurations change: users are added, permissions are expanded, policies are adjusted, and temporary “duct tape” solutions become permanent.

Least Privilege Access for AI Agents: How to Secure Autonomous Systems in 2026

AI agents are no longer just answering queries or summarizing documents. They are booking meetings, pulling customer data, triggering workflows, and even making decisions across systems. And they don’t ask for permission every time. That’s where the real problem starts. Because once an AI agent is connected to your tools, APIs, and internal systems, the question isn’t what it can do, it’s what it should be allowed to do.

New in miniOrange PAM: Bringing EPAM to Windows and macOS

Privileged access has become significantly more complex over the last few years. Security teams are managing Windows and macOS devices, administrators rely on native tools to do their jobs, network infrastructure continues to expand, and operational technology environments are becoming increasingly interconnected. At the same time, manual approval processes and fragmented controls often create more friction than protection.

How Keeper Protects Against Brute Force Attacks on Password Manager Device Registration

Password managers are among the most helpful security tools available, offering strong password generation and encrypted credential storage. However, attackers are beginning to target password managers by exploiting the device registration flow, which is the process used to verify and approve a new device before it can access a user’s vault. By brute-forcing the One-Time Passwords (OTPs) that protect this step, attackers can register unauthorized devices and download copies of encrypted vaults.

Data Governance vs. Data Security

Most organizations treat data security and data governance as parallel tracks managed by separate teams with separate tooling. Security owns the controls; governance owns the policies. The two programs rarely share a roadmap, and the gaps between them are where data risk actually lives. Governance without security enforcement leaves policy on paper. Security without governance context produces alerts without the underlying understanding of what the data is, who owns it, or why it matters.

How a Modern Autonomous Penetration Testing Framework Differs from Legacy DAST

Over the years, Dynamic Application Security Testing (DAST) has helped you identify common vulnerabilities via automated scanning, fuzzing, and pattern-based detection. While valuable for baseline vulnerability discovery and compliance requirements, many security leaders, including maybe yourself, are now questioning DAST.