Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Read key insights from GitGuardian SecDays Virtual 2025 on securing the future of autonomous AI agents.

There is no other way to say it clearer, social engineering is going to be a lot, lot worse soon and far more successful than it is today. And that’s saying a lot. It’s already pretty bad. As I’ve been touting for over 20 years…in hundreds of articles…social engineering is involved in more successful data breaches than any other single hacker method.

Attackers are using Microsoft Teams calls to trick users into installing the Matanbuchus malware loader, which frequently precedes ransomware deployment, according to researchers at Morphisec. Matanbuchus is a malware-as-a-service offering that allows threat actors to install additional payloads onto infected Windows systems. “Over the past nine months, Matanbuchus has been used in highly targeted campaigns that have potentially led to ransomware compromises,” Morphisec says.

xx.

xx.

When you hand over the keys to your cloud, you’d better know who’s holding them—and for how long. In a world where speed is everything and complexity is the norm, organizations need more than visibility. They need assurance. That’s why we’re proud to share that CyberArk achieved CSA STAR Level 1 certification for its Secure Cloud Access (SCA) solution.

Security teams face a daunting mix of relentless alerts, complex investigations, and limited resources. It’s not just about detecting threats; it's also about responding quickly and efficiently. Elastic Security has long provided prebuilt capabilities for detection, investigation, and response. But what really sets Elastic apart is its open, API-first approach that gives you the power to build and automate specific workflows at your security operations center (SOC).

A Software Bill of Materials (SBOM) is like an ingredient list for software. It provides a detailed inventory of all the components that make up an application, including open source libraries, proprietary code, packages, and containers. Just as food packaging lists ingredients to protect consumers and ensure safety, SBOMs do the same for software by giving visibility into what is inside.

In late March 2025, the General Services Administration (GSA) announced the first major overhaul to FedRAMP in over a decade, soft-launching a new, fast-track authorization path called FedRAMP 20x. ‍ In May 2025, we submitted our initial package for the pilot, quickly followed by a resubmission of our final package. We’re now excited to share that Vanta has officially achieved FedRAMP 20x Low Authorization and a listing on the FedRAMP Marketplace.

As CSOs, we know cybercriminals don't clock out for summer. If anything, the seasonal drop in staffing and vigilance creates ideal conditions for identity-based attacks, especially for MSPs juggling multiple client environments. You need more than ever security that “just works” even under imperfect conditions with tools that remain reliable and effective—not fragile theory.