Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stop giving too much access and start securing smarter. Just Enough Access(JEA) limits privileges to what’s needed, keeping your data safe and teams productive.

AI-generated attacks, such as social engineering, phishing, deepfakes, malicious GPTs, data poisoning, and more, are disrupting the current security landscape speedily. But there are ways to avoid them and strengthen our defences with miniOrange IAM solutions.

Third-party patch management is a vital security practice that involves identifying, testing, and applying updates to third-party software, including business-critical applications like browsers, plug-ins, and productivity tools, to reduce risk, maintain compliance, and ensure endpoint stability.

Executives everywhere are under pressure to deploy AI fast — but our recent roundtable on AI risk, hosted by TEISS, revealed a growing concern: AI adoption is outpacing governance, and organisations are taking on more risk than they realise. While most enterprises have mature technical controls, many are missing visibility into how AI is being used — and by whom.

The reality is clear: passwords remain one of the most-targeted—and most vulnerable—gateways into business IT environments. As cyber threats increase and evolve, relying on outdated password practices simply isn’t enough anymore. This Cybersecurity Awareness Month, let’s modernize our approach and treat password security not as a checkbox, but as a cornerstone of effective cyber resilience.

Torq AMP spotlights the partners redefining what’s possible in security operations. Each partner brings a unique strength that seamlessly extends Torq’s autonomous SOC platform. Together, these partnerships help SOC teams achieve speed, accuracy, and scale that were once out of reach. Explore the future of SOC in the AMP’d Sessions video series. Cloud has changed everything: how we build, how we deploy, and how attackers strike.

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers recently analyzed attacks of an adversary targeting users based in Brazil via WhatsApp. The attack lures users into downloading a zip archive. The zip archive contains a shortcut file (.lnk) which ultimately downloads and executes a banking trojan which BlueVoyant researchers have dubbed Maverick internally based off the naming convention used by the attackers.

Researchers at Foresiet are actively investigating a major data leak targeting Red Hat, following claims made by Scattered LAPSUS$ Hunters, who have reportedly joined forces with the Crimson Collective, following claims made by the Scattered LAPSUS$ Hunters, who have reportedly teamed up with the Crimson Collective.

Many teams assume that embedding payment forms in an iframe keeps them compliant with PCI DSS 4.0.1, Requirement 6.4.3. The reasoning sounds logical – compliance seems guaranteed if card data never reaches your infrastructure. However, iframe payment security PCI DSS 6.4.3 doesn’t work on assumptions; it works on control. The responsibility shifts to new layers of your website’s supply chain.

DevSecOps is often discussed as the solution for integrating security into rapid development cycles. Yet, misconceptions about what it is and how it works can prevent teams from adopting it. As an engineering manager, you need to balance speed with quality, and introducing a new methodology can seem disruptive. The truth is, a well-implemented DevSecOps framework doesn’t create bottlenecks; it removes them. It empowers your team to build secure, high-quality software faster.