Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ask five compliance leads in the gaming industry how 6.4.3 applies to their payment flows, and you’ll get five different answers. Ever since PCI v4.0.1 has come into effect, gaming and iGaming operators have been struggling to identify where they fall in scope, which SAQ paths apply to their specific architecture, and if Requirement 6.4.3 and 11.6.1 apply to them or their payment processors.

In agentic architectures, model behavior is guided by a combination of system prompts, retrieved context, and tool-related inputs rather than a single instruction source. When signals conflict or include untrusted instructions, models must infer which inputs to follow. This ambiguity exposes an opening for prompt injection attacks.

Endpoint threats no longer appear with warning signs. They now blend into normal activity, making detection difficult. Once inside, these threats move quietly across systems without being noticed. By the time security teams notice them, damage is already done. This shift has led to the rise of Endpoint Detection and Response. But EDR alone was not sufficient in many cases. This is when Managed EDR was introduced to fill that gap.

Many DevOps and security teams rely on ServiceNow CMDB (Configuration Management Database) as the system of record for metadata about infrastructure assets, application and service ownership, and dependencies. ServiceNow CMDB captures which team owns each service, what business unit the service supports, the environment where it runs, and how assets relate to each other.

Apologies for the nested parentheses. This isn’t a joke. The project really has gone through this many names already! Check out why in their Naming Journey.

Growth is the ultimate goal for almost every business. For many long-established organizations, the quickest path to that goal is through acquisition. Mergers and acquisitions (M&A) open doors to new markets, new capabilities, and new revenue streams. However, for the IT teams responsible for integrating these new entities, the reality is often less about celebration and more about survival.

Cryptographic failures have a knack for turning a quiet weekend into a chaotic, all-hands-on-deck emergency. Consider the SHA-1 to SHA-2 deprecation, sometimes referred to as “Shapocalypse,” which sent teams scrambling to reissue thousands of certificates and exposed how many legacy systems weren’t ready for stronger hash algorithms. The major Certificate Authority (CA) distrust events involving DigiNotar in 2011, Symantec in 2017-18, and Entrust in 2024-25 created similar disruption.

AI agents now operate as core identities in enterprise environments, authenticating, accessing data, and executing workflows at machine speed. Their flexibility and scale introduce a detection challenge traditional security models were never built to solve. Exabeam has seen this pattern before with insider threat and workload identities. AI agents accelerate the need for identity-centric detection.

The International AI Safety Report 2026 is one of the most comprehensive overviews to date of the risks posed by general-purpose AI systems. It’s compiled by over 100 independent experts from more than 30 countries, and shows that while AI systems are performing at levels that seemed like science fiction only a few years ago, the risks of misuse, malfunction, and systematic and cross-border harms are clear. It makes a compelling case for better evaluation, transparency, and guardrails.

On February 6, 2026, Fortinet released fixes for a critical vulnerability in FortiClientEMS, tracked as CVE-2026-21643. The flaw arises from improper neutralization of special elements used in SQL commands in the FortiClientEMS GUI (web interface) that can allow an unauthenticated remote threat actor to execute unauthorized code or commands.