Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When most people think of ‘web security’, they imagine a dark room with hackers diligently working on their systems, cracking codes to get access to websites and apps. But the reality is quite different. Most security breaches happen due to simple oversights, especially during security testing.

Misconfigurations in storage and encryption settings can put your mobile apps at risk, but so can social engineering attacks. Mobile devices are powerful productivity tools, enabling your staff to work from almost anywhere. They can also be security risks, sharing sensitive data outside of a tightly controlled office environment. If smartphones and tablets are integral to your organization’s day-to-day workflows, a mobile application security assessment should be part of your cybersecurity strategy.

Traditional vulnerability management once centered on scanning, enumerating, and remediating … and then repeating the process. In contrast, today’s enterprise attack surfaces shift by the hour. Cloud assets spin up and down. Business units deploy new SaaS tools overnight. Adversaries weaponize proof-of-concept exploits in days, or sometimes hours. Static, reactive processes can’t keep up.

With a background in philosophy, my transition into the world of cybersecurity as a penetration tester sparked a deep curiosity about the inner workings of the prolific cybercrime groups I saw in the news. To better defend against these groups, I needed to understand more about how they worked, specifically how they recruited people, vetted them, and turned their skills into a profitable business model.

AI is no longer a side project. It now powers support desks, analytics, knowledge search, decision support, and developer tooling. That reach makes data privacy a daily engineering task, not an annual policy exercise. Teams that succeed treat privacy like performance or reliability: they design for it, measure it, and improve it with each release. This guide captures Best Practices for Protecting Data Privacy in AI Deployment that work across industries.

When the day wrapped up at the Commonwealth Club, one thing was clear: we are in a moment unlike anything the security community has faced before. Hundreds of practitioners and thought leaders from around the world came together, and the turnout alone showed just how urgent and relevant this topic has become. Michael Bargury opened his keynote with a question that lingered well past the event: Are we actually making progress in securing agents?

Ask anyone on the outside of information security what the most important part of the industry is, and you’ll get a lot of different answers, but among them will be cryptography. Using strong encryption to hide information where it can’t be accessed without the proper authorization makes a lot of sense, and the idea of strong cryptography has saturated popular culture.

In October 2025, a critical zero-day vulnerability was disclosed in Oracle E-Business Suite (EBS), tracked as CVE202561882, which allows unauthenticated remote code execution (RCE). This vulneraility affects versions 12.2.3 through 12.2.14 and has already been actively exploited in the wild by the Cl0p ransomware group and potentially other threat actors.

A critical CVE-2025-61882 Oracle E-Business Suite vulnerability is under active exploitation by the Cl0p ransomware group. This unauthenticated remote-code-execution (RCE) vulnerability — CVE-2025-61882 — in Oracle E-Business Suite (EBS) was patched by Oracle in October 2025 and is being actively exploited in the wild. Multiple security vendors attribute attacks to Cl0p/associated ransomware extortion campaigns and Oracle has published an emergency Security Alert.

I’m not one to blog, but speaking with clients, peers, and colleagues, I often hear statements like “SIEM is dead” or “this is the SOC of the future.” So what do they really mean? Honestly, I’m not entirely sure either — there are so many conflicting viewpoints and ways of addressing this.