Sandworm in the supply chain: Lessons from the Shai-Hulud npm attack on developer and machine identities

Do you know why Shai-Hulud should raise your hackles? Unless you’ve spent time on Arrakis in Frank Herbert’s Dune or the npm ecosystem this month, the name Shai-Hulud might not ring a bell. In Herbert’s world, Shai-Hulud is the colossal sandworm of Arrakis—feared, powerful, and destructive. In our world, I guess you could say the same thing. Shai-Hulud surfaced as a malware worm that tore through the npm software registry on Sept. 16–17, 2025.

Compliance vs Security: The Business Value of Alignment

Compliance is not, nor has it ever been, security. Compliance is the spellcheck of the security world. Security is the work that people do every day to implement, enforce, and monitor the controls that protect systems, networks, applications, devices, users, and data. Compliance is the process of reviewing security work to ensure that it functions as intended. Compliance is an important component of an organization’s security posture.

A simpler path to a safer Internet: an update to our CSAM scanning tool

Launching a website or an online community brings people together to create and share. The operators of these platforms, sadly, also have to navigate what happens when bad actors attempt to misuse those destinations to spread the most heinous content like child sexual abuse material (CSAM).

Giving users choice with Cloudflare's new Content Signals Policy

If we want to keep the web open and thriving, we need more tools to express how content creators want their data to be used while allowing open access. Today the tradeoff is too limited. Either website operators keep their content open to the web and risk people using it for unwanted purposes, or they move their content behind logins and limit their audience.

Cyber Risk Monitoring for ISACs: An Innovative, Collaborative Approach to Third-Party Management

BlueVoyant recently announced its strategic partnership with the Automotive Information Sharing and Analysis Center (Auto-ISAC), the central organization for cybersecurity collaboration in the automotive industry. Information Sharing and Analysis Centers (ISACs) are important organizations that provide a central resource within a given sector for gathering, analyzing, and sharing information on cyber threats and vulnerabilities.

Launching Your Penetration Testing Career

Penetration testing is often seen as one of the most exciting jobs in cyber security. After all, who wouldn’t want to be the person trusted to break into systems before the criminals do? It’s a career that’s in high demand, with competitive salaries and no shortage of opportunities, but getting into pentesting isn’t always straightforward.

Exposing iOS Local Storage Flaws: A Guide to Securing Sensitive Data

Mobile apps often handle sensitive data daily, such as credentials, tokens, health records, financial information, and personal identifiers that attackers seek to exploit. On iOS, developers sometimes assume local data storage is inherently secure because of sandboxing and built-in Apple protections. This assumption is flawed. Poorly implemented storage practices can expose critical data, leading to severe privacy and security incidents. This article examines.

US Secret Service Blocks Massive Telecom Attack in New York

The Secret Service’s takedown in New York shines a light on a type of threat that is technically fascinating and deeply concerning for national security: large-scale cellular interception networks leveraging cell-site simulators (CSS), also known as IMSI catchers or Stingrays. The news comes as New York City hosts the annual United Nations General Assembly, gathering heads of state from around the world and creating an incredibly target-rich environment for attackers.

Data Protection for Law Firms: Why Legal Companies Need DevOps Backup

Software supports business operations in healthcare, finance, e-commerce, and legal tech as well. Many organizations build legal tech software that streamlines document management, automates legal workflows, ensures compliance, and enhances collaboration for legal professionals. Key Insights.

AI Session Recording Summaries for SSH, Kubernetes Exec, and Postgres

Since Teleport 1.0, we have shipped built-in session recording and replay. Nine years later, we are shipping the biggest upgrade yet: AI Session Summaries. Teams using Teleport onboard thousands of engineers (developers, DBAs, Windows users) who run thousands of interactive sessions every day. That easily adds up to 5,000+ hours of recordings per month, which is too much for humans to review proactively.