Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 5-7 years, quantum computers will likely crack RSA and other currently used encryption methods. That’s not fear-mongering. That’s math. Your enterprise code signing certificates? The ones protecting your software distributions right now? They’re sitting ducks. Every single RSA-2048 and ECDSA certificate you own will be worthless the moment a sufficiently powerful quantum computer comes online. Most enterprises have zero post-quantum cryptography strategy.

Businesses everywhere are moving fast to adopt AI. Yet many initiatives are fragmented, siloed, difficult to scale, and lacking adequate governance. New research from Forrester Consulting, commissioned by Tines, surveyed more than 400 IT leaders in North America and Europe on the challenges of scaling AI and the role IT can play. The findings show that while governance, security, and cross-functional alignment are top priorities, they’re also some of the biggest barriers.

AI now sits inside customer support, finance, human resources and product development. That reach brings value, and it also exposes personal and sensitive data in new ways. The question is no longer whether to adopt AI. The question is how to adopt it responsibly, with AI data privacy built into the system rather than tacked on after a test run. This guide explains the core concepts, definitions and best practices you can use to design, ship and scale AI with privacy in mind.

Within a Security Operations Centre (SOC), threat intelligence is indispensable. It provides the context analysts need to cut through noise, correlate indicators of compromise (IOCs), and prioritise alerts based on real-world risk. Without it, SOC teams would be overwhelmed, drowning in log data, chasing false positives, and reacting blindly to incidents rather than proactively mitigating them.

(Nov 26, 2025) JFrog continues to track, provide research and document a second wave of the Shai-Hulud Software Supply Chain Attack. Following the initial campaign, threat actors have returned with more advanced tactics, compromising an additional 621 new malicious packages across leading public registries.

Software supply chains are the attack vector for cybercriminals, and the challenge isn’t just finding vulnerabilities; it’s fixing them fast while ensuring security, compliance, and developer productivity. As supply chains grow in complexity, traditional tools aren’t enough; organizations need intelligent, autonomous assistance embedded directly into developer workflows.

Security teams are drowning in findings, but only a fraction of exposures actually put the business at risk. Treating every issue as equal spreads resources thin, slows down remediation, and leaves critical systems exposed. Threat Exposure Management (TEM) changes the equation by forcing teams to focus on the exposures most likely to cause real damage – and to build the operating model that ensures they get fixed.

Recent cyberattacks on retailers in the UK and the U.S. are now shifting to target the financial sector, with news on breaches reaching headlines almost daily. These stories track how today’s threat actors operate: they are strategic, pivot quickly, exploit weak links and are highly opportunistic. This opportunism means that if threat actors discover an unlocked door in one business within an industry, they will try every door within that industry to find a common weakness.

In order to collect various security-related metrics, Bitsight scans the entire internet, collecting a unique set of data that enables us to carry out a variety of studies that would be extremely difficult for any other company to conduct. One of the metrics that we collect is related to the presence of certain vulnerabilities. For this, we need to take into consideration all possible mitigation strategies that are available and that allow us to reduce the risk.

In our day-to-day work and conversations with security experts, one concern comes up regularly: how consistent is our WAF protection? Our answer is always the same: not as much as you think. The truth is that in the case of enterprises, web application firewall (WAF) coverage is rarely uniform. Protection is often a mixed bag of products from different vendors, managed by separate teams, each guarding only part of the attack surface.