Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

React After React2Shell: New RSC Vulnerabilities Expose DoS and Source Code Risks

The disclosure of React2Shell (CVE-2025-55182) triggered a rapid patching effort across the React and Next.js ecosystem. However, deeper inspection of React Server Components (RSC) in the aftermath revealed additional vulnerabilities in adjacent code paths. These vulnerabilities pose serious operational and security risks.

10 IAM Best Practices for the Security of Every Enterprise 2025

Managing 5,000+ identities across your enterprise? Each one is a potential entry point for attackers—and your IAM security is only as strong as your weakest access point. This is where the most effective IAM best practices and data-driven strategies come into play.

Top 10 Automated Access Control Systems

Manual access requests and long-lived credentials pose a significant scaling challenge for engineering teams, even as they automate pipelines, testing, delivery, and monitoring. As the number of machine identities grows, the sheer volume of permissions makes manual review and revocation unmanageable, increasing the risk of stale tokens and silent privilege exposure. Nearly 47% of cloud intrusions stem from weak or mismanaged credentials, according to a Google Cloud report.

Top Takeaways from the Gartner IAM Summit 2025

The theme at the Gartner IAM Summit conference this year was clear: identity is no longer adjacent to the business. It is the business. That idea showed up in the opening keynote, analyst sessions, hallway conversations, and especially in the gap between how IAM is supposed to work and how it actually works inside most organizations. After a week of listening closely, a few takeaways rose above the noise. We did not see many buzzwords or grand predictions.

Tales from the fraud frontlines: How to avoid getting bitten by Visa VAMP

The Visa Acquirer Monitoring Program (VAMP) has quickly become one of the most discussed (and feared) compliance frameworks in the payments industry. With stricter enforcement beginning October 1, 2025, merchants and acquirers around the globe are scrambling to understand how to stay within Visa’s tightening thresholds and avoid painful penalties.

The secret to holiday resilience: offload the muckwork with intelligent workflows

Security and IT professionals know the pattern all too well: workplace stress peaks in the weeks leading up to major holidays. Teams face pressure to close out projects, meet year-end deadlines, and handle increased workloads with reduced staff. And to top it off, cyber threats don’t take holidays. In fact, attackers often exploit this exact window of vulnerability.

The SOC Analyst Agent: Bring an Agentic approach to work with your SOC team

For years, security teams have dealt with the challenges of alert fatigue, endless tools and data sources, and constant context switching. But so far, we haven't been able to significantly improve on them with traditional tools. However, new agentic approaches can start providing gains. This begins to change the way SOC teams operate and approach managing their talent.

CVE-2025-40602: SonicWall Releases Fix for SMA1000 Privilege Escalation Zero-Day Under Active Attack

On December 17, 2025, SonicWall released fixes for an actively exploited medium-severity zero-day vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC), tracked as CVE-2025-40602. The vulnerability allows local threat actors to escalate privileges due to insufficient authorization in the SMA1000 AMC and does not affect SSL VPN functionality on SonicWall firewalls.