Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Payment Card Industry Data Security Standard (PCI DSS) compliance isn’t a once-a-year exercise; it’s a year-round effort that requires regular validation to protect cardholder data, manage risk, and maintain audit readiness throughout the year. Compliance failures are rarely caused by a single missing control.

We are back from the holidays and ready to kick 2026 into full gear! Check out the latest product updates from the past month.

Modern applications generate a constant stream of logs, some of which carry more information than they should. For too many organizations, logs include personally identifiable information (PII) such as customer names that were never meant to leave production systems. Teams try to limit this data exposure by using regular expressions to detect and obfuscate matches, only to discover that names like John O’Connor, Mary-Jane, Jane van der Meer, and A. García slip through.

Few cybersecurity knowledge repositories are as broad, deep, or widely respected as LevelBlue Security Colony. Industry analyst firm IDC has recognized the value of Security Colony, noting that clients and other organizations interested in understanding their cybersecurity posture download thousands of resources each month, many of which are available at no cost.

Last July, I traveled with my wife and two-year-old daughter to my parent’s house on the coast for a week of summertime fun-in-the-sun. It’s a trip we try to make at least once a year to escape the day-to-day grind, see family, and lounge beside various bodies of water, all while enjoying complimentary, around-the-clock childcare (aka grandparents). At least that was the plan. Instead, I awoke on the very first morning of our trip feeling just about as sick as I’ve ever felt.

If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.

If you’re a founder or engineering leader at a growing startup, you’re probably familiar with this tension: You need compliance like SOC 2 to close deals, but earning it pulls your team away from building your product. ‍ For example, manual SOC 2 prep forces engineers to spend weeks collecting screenshots, tracking down documentation, and responding to auditors instead of shipping features.

Netwrix found that SafeNet Agent for Windows Logon versions 4.0.0–4.1.2 create an insecure AD CS certificate template by default, enabling an ESC1 path that allows any authenticated user to escalate to Domain Admin. Thales fixed the issue in version 4.1.3 by restricting certificate enrollment to the NDES service account.

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

For the fifth consecutive year, CRN has recognized Alex Ruslyakov as a Channel Chief. The honor for 2026 highlights Ruslyakov’s continued commitment to helping managed service providers (MSPs) deliver modern cyber protection successfully year after year. The annual CRN Channel Chiefs list spotlights the most influential leaders across the IT channel, celebrating those who champion collaboration, drive innovation and empower their partners and customers to achieve shared success.