Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Unify Kubernetes, VMs, and AI with VCF 9

Managing modern IT infrastructure often feels like balancing completely different ecosystems. For years, organizations have run separate, hand-built, Kubernetes stacks on top of legacy virtualization platforms. Due to security concerns, it just made sense to build a separate, tailored container environment that they could automate and schedule their exact needs. This fragmented approach leads to inconsistent security policies, fragile integrations between clusters, and operational silos.

Privileged Access Governance (PAG): What It Is & Why It Matters

Your Privileged Access Management (PAM) tool is running. Your vaults are configured. Your sessions are monitored. And somewhere in the environment, a former contractor’s account still has domain admin rights. This is the problem that Privileged Access Governance (PAG) solves. In this blog, we'll see why having the right Privilege Access Management tools isn’t the same as having privileged access under proper control.

Redefining WTF in Cybersecurity: Why It's Time to Focus on the Fix

The cybersecurity industry is currently defined by “WTF” moments of panic, from overwhelming vulnerability backlogs to sophisticated AI-driven attacks that bypass traditional defenses. To combat this, organizations must shift their narrative away from reactive frustration and toward the most critical part of exposure management: The Fix. By redefining WTF, security teams can move beyond context-less alerts and manual spreadsheets.

Cybersecurity Is Now an HR Issue, Not Just an IT Problem

As organizations become more digitally dependent, the traditional divide between cybersecurity and human resources is quietly dissolving. Cyber risk is no longer confined to firewalls and infrastructure, it lives in behavior, communication, hiring, and culture. The companies that recognize this shift are the ones building true resilience. Below are four expert perspectives that reveal how cybersecurity and HR are increasingly intertwined.

Why a strategic MVP is needed for scalable software

Minimum Viable Product is the exact opposite of MVP in sports, the Most Valuable Player. One danger is to treat it as the latter by over-investing time and resources into it, missing the point that it's about validating the business idea and core value proposition. But, many also go too far the other way and under-bake the features, treat the core code as disposable, and end up later building the real product on top of a mistreated foundation with technical debt.

100,000+ New Vulnerabilities This Year and Most Will Be Zero-Days Exploited Faster

The number of publicly reported unique vulnerabilities has risen year after year. There was a brief decrease and stabilization in 2015 - 2016, but those are the only years in the over two decades (1999 - on) I have been following vulnerability metrics. Other than that, it has been up, up, up.

I Didn't Revoke my API Keys Because Claude Called Me An Idiot

I need to confess something. A few days ago whilst vibe coding at 2am (which can end up burning through tokens like they are going out of fashion) I accidentally pasted my API key directly into a Claude chat instead of the terminal window I had open. Claude told me off. It felt like a full, proper, disappointed parent tone; the AI equivalent of 'I'm not angry, just disappointed', except it absolutely was angry. There may have been paragraphs.

Best Practices for Implementing AI Agents

On March 9th, Codewall.ai disclosed how it had hacked McKinsey & Company’s AI platform called Lilli, a purpose-built system for 43,000+ employees to analyze documents, chat, and access decades of proprietary research. The researchers unleashed an AI agent which quickly scanned 200 endpoints, identified 22 that did not require authentication, and one that wrote user search queries into a database including non-parameterized JSON keys which were concatenated directly into SQL.