Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Managing collection visibility on Shopify is a common challenge for merchants handling large catalogs, wholesale pricing, or exclusive product groups. Shopify makes it easy to create collections, but controlling their visibility requires a bit more planning.

Pricing transparency works well for many direct-to-consumer stores, but for a growing number of Shopify merchants, especially those operating B2B, wholesale, or inclusive business models, displaying prices publicly can create more friction than value. This is where the need to hide prices on Shopify becomes a strategic and operational decision rather than just a cosmetic one. Shopify does not provide a native setting to control price visibility.

Azure Blob Storage is an object storage solution. It stores massive amounts of unstructured data, such as text files, images, videos, etc. It supports large-scale data for applications such as backup, data lakes, and media serving. Specifically, Azure Blob Storage security prevents unauthorized access, data leakage, and potential breaches.

CEO, TrustCloud.

Starting on January 15, 2026, Arctic Wolf began observing a new cluster of automated malicious activity involving unauthorized firewall configuration changes on FortiGate devices. This activity involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations.

As technology evolves, so do the security foundations that underpin the systems we rely on every day. One such foundational change is coming soon from Cisco Duo, the widely‑used multi‑factor authentication (MFA) platform that many organisations deploy to secure access to critical systems. Although this change isn’t a vulnerability in the traditional sense, it could impact the availability of Duo authentication services for outdated software and integrations.

Let’s be honest: in 2026, the traditional “firewall” is a bit of a relic. Having spent years analyzing how threat actors operate, I can tell you they aren’t banging on your front door anymore. Why would they? It’s much easier to build a pixel-perfect replica of your front door down the street and trick your customers into handing over their keys there.

The answer to whether WAF can see and prevent browser attacks that break PCI compliance depends on the lens you use. Through the lens of Requirement 6.4.2, the answer is mostly yes. But through the lens of 6.4.3 and 11.6.1, it gets a little blurry. Requirement 6.4.2 is about stopping web-based attacks at the application layer by inspecting outbound and inbound HTTP traffic at the server side.

In cloud service providers (CSPs) such as AWS, Azure, and Google Cloud Platform (GCP), Identity and Access Management (IAM) controls who has access to which resources through roles, policies, and permissions. IAM is about who can do what, like letting a developer read from a Database, but not delete it. Misconfigured IAM, such as roles with unnecessary privileges, is the common cause of unauthorized access/exploit/ data breaches, and resource abuse.

Mobile security has always been complex, but LLM technology has added a whole new dimension to the field. Behind every popular generative AI (genAI) tool is a comprehensive large language model (LLM) that provides data and parses queries in natural language. When used responsibly, LLMs can be useful tools for ideation and content generation. In the wrong hands, though, LLMs can help threat actors supercharge their social engineering scams.