Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2026, you’re not just managing clusters and pipelines; you are managing the risk associated with the data flowing through them. As environments become decentralized and agentic, traditional, static data governance policies have morphed from inefficient to a security liability. The financial stakes of data governance failures have reached an all-time high. The average cost of a data breach in the United States has reached $10.22 million.

Valentine’s Day runs on emotion. Surprise, urgency, curiosity, trust, love. For threat actors, that combination is hard to beat. Every year in mid-February, security teams see the same pattern. Phishing campaigns pick up. Brand impersonation increases. Fraud attempts follow close behind. It is not because attackers suddenly developed new techniques.

What data are your employees feeding into unapproved AI tools? If you can't answer that question, then you might have shadow AI security risks that you don't know about. The Netwrix Cybersecurity Trends Report 2025 found that 37% of organizations have already had to adjust their security strategies due to AI-driven threats, while 30% haven't started AI implementation at all. That gap between how fast AI threats are evolving and how slowly organizations are responding is where shadow AI thrives.

Teams sprawl is one of the most overlooked security risks in Microsoft 365 environments. When all your employees can create teams on demand, without approval, naming conventions, or expiration policies, the result is hundreds of ungoverned workspaces with no clear ownership, inconsistent naming, and scattered data. That governance gap creates measurable risk.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Not spooky season right? Well, this is a bit odd

Read Post

Security teams are facing an attack surface that changes faster than it can be fully understood. Cloud adoption, Software-as-a-Service sprawl, and continuous delivery cycles have dissolved the traditional perimeter, replacing it with an environment where assets change with little notice. Shadow IT, abandoned infrastructure, expired certificates, and misconfigured services quietly expand exposure, often outside formal ownership.

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and professionals. This attack compromises Microsoft 365 accounts (Outlook, Teams, OneDrive) by abusing the OAuth 2.0 Device Authorization Grant flow, bypassing strong passwords and Multi-Factor Authentication (MFA).

Researchers at Okta warn that a series of phishing kits have emerged that are designed to help threat actors launch sophisticated voice phishing (vishing) attacks that can bypass multifactor authentication. “The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta says.

In a content collaboration and governance market that often gets swept up in hype, it’s refreshing when an analyst focuses on what actually works.

Exposure management has outgrown visibility. With 67M+ findings per year, the real challenge is execution at scale. The 2026 Exposure Action Report shows that risk clusters in predictable places, most exposure is operational (not novel), and meaningful risk reduction comes from consolidation, prioritization, and disciplined remediation workflows — not adding more tools.