Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 20, 2026, Oracle disclosed a critical (CVSS score of 9.8) vulnerability (CVE-2026-21992) impacting two Oracle Fusion Middleware components: Oracle Identity Manager and Oracle Web Services Manager. An unauthenticated attacker could exploit the vulnerability to obtain network access via HTTP and remotely execute code. Critical functions of the products are exposed due to the lack of network-level authentication. As of this publication, there are no reports of active exploitation.

Counter Threat Unit (CTU) researchers continue to investigate trends in Contagious Interview campaign activity conducted by NICKEL ALLEY, a threat group operating on behalf of the North Korean government. The group notoriously targets professionals in the technology sector by advertising fake job opportunities, deceiving prospective candidates through a fake job interview process, and ultimately delivering malware.

Dimitris Georgiou has been a self-professed computer geek since the early 80s. At university, he studied the convergence of educational technology with computer science as part of his psychology MA – finding, to his disbelief, that systems were perilously insecure. Since then, he’s always worked in and around cybersecurity.

CrowdStrike is expanding CrowdStrike Falcon Next-Gen SIEM to support third-party endpoint detection and response (EDR) solutions — beginning with Microsoft Defender — with no Falcon sensor required. This evolution will enable organizations to modernize their SOC without replacing existing endpoint agents. Adversaries are moving faster than ever, exploiting cross-domain gaps across endpoint, identity, network, and cloud.

As organizations race to adopt new AI tools, deploy AI agents, and build AI-powered software, they create new attack surfaces that traditional security controls were never designed to protect. A key example is the prompt and agentic interaction layer, which faces novel threats like indirect prompt injection and agentic tool chain attacks.

Security teams face a threat landscape shaped by AI-driven attacks and identity misuse. Adversaries increasingly rely on compromised identities to blend in as legitimate users, making attacks harder to detect and slower to contain. On average, organizations take 241 days to identify and contain a breach.1 While threats have evolved, legacy SIEMs have not kept pace.

Jira Cloud APIs are widely used for automation and integrations across CI/CD, DevOps, reporting, and internal tools. Atlassian provides native REST API authentication using API tokens and OAuth. This works well for simple scripts and internal automation. However, modern organizations often require stronger controls when APIs are used by multiple services, integrations, and automated systems. As integrations grow, teams often need a more controlled authentication model than user-based tokens alone.

In only a few years, artificial intelligence (AI) has changed almost every aspect of life, and especially so in business. Today, employees are using generative AI tools to draft emails, code software, and analyze data at lightning speed. However, there is a hidden side to this productivity boost: unauthorized AI use. Many employees are bypassing official IT channels and using shadow AI applications to get their work done.

Non-human identities (NHIs) and AI Agents including service accounts, CI/CD credentials and cloud workload identities, now eclipse human identities in enterprise identity systems by 50:1 to 100:1. Modern identity security platforms must assign identities to these assets and furthermore, apply roles, access control policies, visibility and governance in order to secure the modern enterprise.

There’s a claim gaining traction in the market: homomorphic encryption can preserve data privacy in AI workflows. Encrypt your data, run it through a language model, and never expose a single token. Sounds bulletproof. It isn’t. Homomorphic encryption (HE) was built for math, not language. Applying it to LLM pipelines is like encrypting a book and asking someone to summarize it without reading a word. The problem isn’t efficiency.