Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2025, many of the long-standing cloud security concerns remained, but new areas of focus also developed. The significant increase in AI adoption enabled organizations to deliver features faster but also introduced new attack surfaces, such as untrusted or unpredictable user input for large language model (LLM) applications. At the same time, long-lived credentials and vulnerabilities in third-party packages continued to expose cloud environments to risk.

Non-human identities have become one of the most overlooked yet exploited attack surfaces in the modern enterprise. NHIs are entities that interact with systems and services but are not tied to a physical user. As organizations expand across hybrid and multi-cloud environments, thousands of machine-based identities are silently running critical operations, yet most are unmanaged, invisible and vulnerable to abuse.

According to ConductorOne’s 2024 Identity Security Outlook Report, 24% of security leaders say keeping up with new technological advances and attack vectors is their biggest obstacle. Addressing this challenge requires modern solutions that can adapt quickly, centralize visibility and protect privileged access.

Buffalo, NY — December 15, 2025 — Sedara, a managed security services provider delivering comprehensive cybersecurity solutions for organizations of all sizes, today announced it has been ranked on the MSSP Alert 2025 Global Top 250 Managed Security Service Providers (MSSPs) list. This marks the fifth year Sedara has been recognized as a Top 250 finalist, highlighting the company’s continued presence among leading cybersecurity service providers worldwide.

When Kenna launched more than a decade ago, it reshaped an industry that had grown numb to vulnerability overload. Back then, vulnerability management meant looking at mountains of CSV files, scanner reports, and a never-ending backlog of unprioritized issues. Kenna introduced the idea that risk instead of raw counts should determine what gets fixed first. For many security teams, it was the first time they realized they didn’t have a vulnerability problem.

At Pentest People, we’ve always said that technology alone cannot secure an organisation. Firewalls, patching programmes, penetration testing and vulnerability management are all crucial but the reality is that your people remain both your organisation’s greatest asset and one of its most exposed security controls. In fact, while organisations continue to mature their technical controls, awareness training is often where programmes fall behind.

Deepfake attacks have become more compelling and realistic than ever before. Attackers are impersonating trusted leaders with convincing videos and voice, making it harder for employees to know what is real. Traditional awareness training is a good start, but nothing replaces first-hand exposure to real and synthetic content when it comes to telling deepfake videos from authentic ones. That’s why today we’re introducing KnowBe4’s Deepfake Training Content.

Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners. The attackers are building fake login pages impersonating banking, insurance, and healthcare entities. The pages are designed to harvest credentials as well as security questions and multifactor authentication codes.

Millions of homes, businesses, and hospitals depend on solar power, a clean and cost-effective source of renewable energy. Adoption has accelerated worldwide thanks to major government initiatives such as the Inflation Reduction Act (IRA) in the U.S., the Renewable Energy Directive (RED II) in the EU, the Smart Export Guarantee in the UK, and Australia’s Small-scale Renewable Energy Scheme (SRES). As clean energy infrastructure expands, a new vulnerability is emerging.

Managing applications on Red Hat OpenShift gets complicated quickly. Updates break things, scaling requires constant attention, and recovery from failures eats up valuable time. OpenShift Operators eliminate these headaches by automating tasks that normally demand manual work from your team. These Kubernetes-native tools package, deploy, and manage services across your cluster.