Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

At Snyk, our mission has always been to empower developers to build secure applications without slowing down. The importance of a developer-first approach is even more critical with the proliferation of AI use and in the world of cloud-native development. This means rethinking container security. It’s no longer enough to just scan a Dockerfile or a finished image at a single point in time.

The way we build software has fundamentally changed. AI code assistants are no longer a novelty; they are the new standard, creating a revolutionary leap in developer productivity. Back in May, we launched Snyk Studio with a focus on our partners, creating an open framework to build a vibrant ecosystem for securing AI-driven development. Our goal was to ensure that as the AI landscape evolved, Snyk’s market-leading security intelligence could be embedded into any AI-native tool.

As organizations evaluate modern DLP solutions, the gap between vendor promises and operational reality becomes critical. Through analysis of organizations running Cyberhaven - including several evaluating migration to Nightfall - we've discovered systematic challenges that impact security effectiveness, operational efficiency, and business productivity. This analysis provides CISOs and security leaders with crucial insights for making informed DLP decisions.

The digital battleground of 2025 Cybersecurity Report has made one thing crystal clear: cyber-threats no longer behave like isolated incidents. They evolve, scale and exploit trust in ways that ripple across businesses and society. As the firm behind Foresiet collected in its latest intelligence, emerging and maturing attacks will shape a far more challenging threat landscape in 2026.

Managing security shouldn’t mean juggling a dozen tools, agents, and spreadsheets. WatchGuard is cutting through the noise with two major updates designed to give managed service providers (MSPs) the simplicity and control they’ve been asking for: expanded PSA integrations and the new WatchGuard Agent.

Most IT teams face the same challenge: threats don’t stop when the workday ends. Alerts come in after hours, resources are stretched thin, and a single missed response can turn into a costly incident. Partners who deliver managed services often feel that pressure even more, balancing multiple customers and security tools while trying to prove value every day.

Identity, classification, and cloud persistence risks took center stage at Techno Security West 2025. Learn what cybersecurity leaders are prioritizing now.

The worldwide ransomware landscape saw a dramatic shift in attacks in October 2025, jumping 41% month over month, with the most prolific attacker, Qlin, more than doubling the number of attacks it launched, according to Trustwave, A LevelBlue Company, research. The US remained the primary recipient of ransomware attacks, but October saw manufacturing overtake technology as the most targeted vertical sector.

The JFrog Security Research team recently discovered and disclosed CVE-2025-11953 – a critical (CVSS 9.8) security vulnerability affecting the extremely popular @react-native-community/cli NPM package that has approximately 2M weekly downloads. The vulnerability allows remote unauthenticated attackers to easily trigger arbitrary OS command execution on the machine running react-native-community/cli’s development server, posing a significant risk to developers.

Trustwave SpiderLabs’ Cyber Threat Intelligence team is tracking the recent emergence of what appears to be the consolidation of three well-known threat groups into a “federated alliance” that offers, among its activities, Extortion-as-a-Service (EaaS). The collective comprises Scattered Spider, ShinyHunters, and LAPSUS$.