Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CrowdStrike's Journey in Customizing NVIDIA Nemotron Models for Peak Accuracy and Performance

Today’s security teams need AI models that can reason over massive telemetry and support autonomous actions. At CrowdStrike, we're working closely with NVIDIA to operationalize NVIDIA Nemotron open models, building on our existing integration of Nemotron on Amazon Bedrock within the CrowdStrike Falcon platform. This collaboration enables us to rigorously test and adapt large language models (LLMs) for security-specific workloads while maintaining production-grade performance and security.

Entra ID and MFA: A Guide to Securing Access

Many organizations use Microsoft Entra ID to manage identities and access across hybrid and cloud-only infrastructures. Entra is a powerful identity provider (IdP) solution that has extensive, configurable features, including for managing multifactor authentication (MFA). The breadth of features can also be a challenge, as many organizations struggle to know how to implement MFA in a way that works best for their organization. This article will explain an approach for how to implement MFA using Entra ID.

Empowering crisis management governance lessons from 2026

The year 2025 proved to be a turning point in how governments, organizations, and communities manage the unpredictable nature of modern crises. With the accelerated pace of technology, significant shifts in global politics, and an increasingly interconnected world, the lessons learned from the recent period have provided a rich roadmap for crisis management governance.

Why 2025 Marked a Turning Point for Exposure Management and for Nucleus

For years, the cybersecurity industry has told itself that vulnerability management has been improving. This story is centered around “more”: more scanners, more data, more dashboards. Despite this abundance, by 2025 the gap between activity and outcomes became impossible to ignore. Security teams were doing more work than ever but struggled to show that risk was actually going down.

MongoBleed: unauthenticated memory disclosure in MongoDB (CVE-2025-14847)

On December 12, 2025, the MongoDB Security Engineering team disclosed a high-severity vulnerability in MongoDB that allows unauthenticated memory disclosure. The issue is tracked as CVE-2025-14847, has a CVSS score of 8.7, and was quickly nicknamed MongoBleed in the security community because of the way it exposes server memory.

Analyzing PHALT#BLYX: How Fake BSODs and Trusted Build Tools Are Used to Construct a Malware Infection

Securonix threat researchers have been tracking a stealthy campaign targeting the hospitality sector that uses click-fix social engineering, fake CAPTCHAs and fake blue screens of death to trick users into pasting malicious code. It leverages the trusted MSBuild.exe tool to bypass defenses and deploys a stealthy, Russian-linked DCRat payload for full remote access and the ability to drop secondary payloads.

Cloud Computing and Code Signing as A Service: Stats, Future and Trends 2026

Whenever you press the update button on your phone, or your server requests a new container image, an act of faith is being performed. You are relying on the fact that the code that you are downloading is what the developer wrote. You are hoping that a hacker didn’t place a backdoor in between. We have spent years verifying trust with a basic digital handshake: Code Signing. But here is the thing. It is a weakened handshake. I call CTOs and security leaders weekly, and they are afraid.

Cloud vs On-Premises SIEM: One or the Other or Both?

While Hamlet asked the existential question “to be or not to be,” most security teams ask an equally esoteric question that ultimately defines their ability to manage alerting and detection: “to deploy on-prem or in the cloud?” When adopting a security information and event management (SIEM) solution, organizations must make a foundational decision around whether to deploy the solution on-premises or in the cloud.

Cato CTRL Threat Research: Vulnerability Discovered in Open WebUI Enables Account Takeover and Remote Code Execution (CVE-2025-64496)

Cato CTRL’s Vitaly Simonovich (senior security researcher) has discovered a vulnerability (CVE-2025-64496, with a “High” severity rating of 7.3 out of 10) in Open WebUI versions 0.6.34 and older. This flaw affects the Direct Connections feature, which lets users connect to external AI model servers (e.g., OpenAI’s API). If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack.