Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The digital landscape is expanding at an unprecedented rate, driven by the mass migration to the cloud, the proliferation of IoT devices, and the rapid growth of AI. While this growth presents limitless opportunities, it also creates a daunting new reality for cybersecurity teams. As a company's digital footprint and attack surface expand, it becomes increasingly vulnerable to the growing number of threats, particularly those originating from the open, deep, and dark web.

For years, cybersecurity meant defending a clear, defined perimeter. That era is over. Modern organizations are sprawling, borderless, and interconnected in ways security teams were never designed to protect. Employees log in from around the globe, business units spin up SaaS without approval, and third-party vendors extend risk far beyond your control. Attackers no longer need to hammer at a single gateway.

Cyber threat monitoring is critical for effective cybersecurity, yet most organizations operate with gaping blind spots. In this post, we shed some light on the limitations of conventional approaches to help you achieve comprehensive visibility of your attack surface.

Security teams are familiar with the comforting sense of safety that comes from utilizing security controls like Single sign-on (SSO) providers to manage their organization’s major applications and critical tools. When these applications are routed through Okta, Azure AD, or other identity providers, your SaaS environment can seem managed and accounted for. But lurking underneath is a significant vulnerability: the SSO blind spot.

Almost a decade after its discovery, the critical remote code execution vulnerability known as CVE-2016-10033 continues to pose a significant threat to web applications worldwide. In this post, we explain why it's so dangerous and the essential steps to protect your systems from this critical exposure in 2025.

Cybersecurity researchers uncovered what is being called the "mother of all breaches," a colossal dataset containing 16 billion login credentials, including user passwords for Google, Facebook, and Apple. To put that figure in context, the cache represents twice the current human population of the Earth. This event was not the result of a single breach, but likely a compilation of data stolen from multiple breaches over many years.

As a security leader, you face an inevitable daily reality: a flood of alerts pouring in from dozens of different tools. Risky sign-ins are flagged in Microsoft 365, weak passwords are pinged from a vault audit, and a separate report identifies which employees failed the latest phishing simulation. While all this information is valuable, most leaders are unable to connect these separate data points to paint a clear, cohesive picture of an individual user’s overall risk.

Domain-name system (DNS)- based cyber attacks are becoming increasingly complex, and AI will only make managing them even more challenging. According to a recent report, Chief Information Security Officers (CISOs) anticipate a tumultuous season of cyber threats, with low confidence in their abilities to defend against them effectively.

Your IT department just sent out its annual reminder to complete security awareness training. Employees dutifully clicked through their training modules, passed a short quiz, and checked off the compliance box for another year. Ask yourself, does this process really give you confidence that your organization is prepared to dispel today’s security threats? Well, the odds aren’t in your favor.

On June 4, Asana identified a bug in its Model Context Protocol (MCP) server and took the server offline to investigate. While the incident was not the result of an external attack, the bug could have exposed data belonging to Asana MCP users to users in other accounts.