Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The pressure to integrate AI is immense. Your developers need to move fast, and they’re finding ways to get the job done. But this rush for innovation often happens outside of established governance, creating a sprawling, invisible risk known as Shadow AI. To secure your organization, you must first understand what Shadow AI actually is. It’s not just a developer downloading a file to their laptop. Shadow AI is the totality of unmanaged AI assets within your supply chain.

For most enterprises, account takeover (ATO) detection is a game of lagging indicators. You see the spike in failed logins at the WAF level, the impossible travel flag in your SIEM, or – worst case – the chargeback report weeks later. This latency exists because traditional defenses monitor the perimeter (the login endpoint) rather than the environment (the user’s browser). By the time a request hits your backend authentication service, the attack chain is already in its final stage.

700Credit, a US-based credit check and compliance provider, disclosed in late October that it had suffered a significant data breach affecting nearly 18,000 dealerships and more than 5.6 million consumers. According to the company’s disclosure and subsequent reporting, the exposed data includes names, addresses, dates of birth, and Social Security numbers.

With only a handful of working days left in 2025, it might be useful to look back on the year of crypto policy that passed, to inform us as we look forward. What were the main industry’s key policy expectations of this year?

In December 2025, a critical remote code execution vulnerability was disclosed in DeepChat, an open-source desktop AI agent platform built using Electron. The issue, tracked as CVE-2025-67744, affects all DeepChat versions prior to 0.5.3 and carries a CVSS score of 9.6. The vulnerability arises from the interaction between two separate weaknesses. The first allows attacker-controlled JavaScript execution through unsafe rendering of Mermaid diagrams.

If 2025 has taught us anything, it’s that risk is no longer confined to the edges of your network. The traditional security perimeter has dissolved, with risk creeping into the very tools we use to run our businesses. Organizations faced off against catastrophic configuration errors, the weaponization of third-party trust connections, Multi-Factor Authentication (MFA) failures, and attackers who clearly love the holidays.

Organizations are under pressure to protect more devices, users, and distributed workloads than ever — while adversaries are moving faster, smarter, and across more domains. Many businesses still depend on complex solutions that create gaps between tools and strain security teams.

It was a quiet Monday morning until John, head of IT, opened his laptop and saw 424 new support tickets. Users across the office were reporting issues like “apps won’t load” and “internet not working.” After hours of investigation that stretched into the next day, the team traced the problem to a branch router overwhelmed by malformed DNS queries from a misbehaving IoT device.

Mexico has taken a major step toward strengthening its digital defenses with the official unveiling of its first National Cybersecurity Plan, a landmark initiative that establishes the country’s first specialized policy framework for cybersecurity.

As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep up. At Salt Security, we spent 2025 focused on one thing: defending the API action layer where AI, applications, and data intersect.