Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This new guidance amounts to leading Western governments telling OT users (industrial businesses in manufacturing, energy, power, logistics, critical infrastructure, and the like), “Yes, you can use AI in OT, but only if you’re prepared for it to fail and you can recover quickly when it does.”

Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email addresses. “Microsoft Teams now allows users to send direct chat invitations to any email address, even if recipients aren’t part of a Teams tenant,” the researchers explain.

Have you decoded CVE-2025-66478?

The latest updates to KeeperAI threat detection introduce meaningful updates across PAM resources, PAM configuration settings, gateway settings and session history, providing an enhanced security layer within the web vault architecture. KeeperAI automatically monitors and analyzes SSH sessions in real-time to identify suspicious or malicious activity, ensuring that high-risk sessions are automatically terminated and all user activity is analyzed and categorized.

Agentic AI is moving into production in CI/CD pipelines, internal copilots, customer support workflows, and infrastructure automation. These systems no longer just call a model. They plan, decide, delegate, and take actions on behalf of users and other systems. This creates new attack surfaces that do not map cleanly to traditional application security or even the OWASP Top 10 2025.

Which is the best aspect to focus on first: network or identity? That’s a question many organizations ask when planning their Zero Trust journey. While both are key pillars to address in a Zero Trust journey, the overarching approach should be to start with your data and let that data be your guide. Data Security Posture Management (DSPM) plays a unique role in enabling businesses to achieve this thanks to its capacity for identifying potentially insecure combinations of identity, access and data.

On December 9, 2025, Fortinet released an advisory detailing two critical authentication bypass vulnerabilities affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. Designated CVE-2025-59718 and CVE-2025-59719, these vulnerabilities allow an unauthenticated threat actor to bypass FortiCloud SSO login authentication via a crafted SAML message if the feature is enabled on the device. Fortinet states that FortiCloud SSO login is disabled by default in factory settings.

ggshield, GitGuardian’s CLI, can help you keep your secrets out of your repos, pipelines, and much more. Download our handy cheat sheet to help you make the most out of our CLI.

If Darth Vader and the rest of the Empire made one major strategic mistake, it was failing to understand the important role that the human element plays in security. Convinced of their superiority, the Empire’s leaders assumed that the Death Star was impenetrable. However, in the end, it was a scientist and his team who compromised the technology by building in a backdoor.

Gender based violence does not begin with technology, but technology has become one of the easiest tools for it to grow. Misogyny, entitlement and harmful gendered beliefs shape how abusers use digital platforms, devices and online spaces to control, shame or silence women and people of marginalised genders. To tackle cyber abuse effectively, we cannot focus only on the technology. We also need to challenge the attitudes and norms that fuel the harm.