Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The financial sector remains one of the most targeted industries for cybercriminals and nation-state actors due to the sensitivity of customer data, the high value of financial transactions, and the critical role these institutions play in global stability. Bitsight’s 2025 State of the Underground report found that underground markets listed nearly 14.5 million compromised credit cards in 2024, representing a 20% increase over 2023. This growth was driven entirely by a surge in US-issued cards.

The hybrid working model has blurred the traditional limit of corporate networks. With users accessing critical resources from remote locations, unmanaged networks and personal devices, attack surfaces have increased exponentially. This demands a cutting-edge, comprehensive and adaptive approach to security. A recent example in January 2025 makes this clear: a vulnerability in SimpleHelp - a remote access tool - let attackers compromise corporate endpoints and move laterally across the network.

Key insights from a fireside chat between Nightfall CEO Rohan Sathe and cybersecurity veteran Enrique Salem, Partner at BCV and Nightfall investor Twenty years ago, enterprise security teams scrambled to address shadow IT as employees brought consumer applications into the workplace. Today, we're witnessing the same phenomenon with AI tools—what we now call shadow AI. The fundamental question remains unchanged: What happens to our data?

Do you know why Shai-Hulud should raise your hackles? Unless you’ve spent time on Arrakis in Frank Herbert’s Dune or the npm ecosystem this month, the name Shai-Hulud might not ring a bell. In Herbert’s world, Shai-Hulud is the colossal sandworm of Arrakis—feared, powerful, and destructive. In our world, I guess you could say the same thing. Shai-Hulud surfaced as a malware worm that tore through the npm software registry on Sept. 16–17, 2025.

Compliance is not, nor has it ever been, security. Compliance is the spellcheck of the security world. Security is the work that people do every day to implement, enforce, and monitor the controls that protect systems, networks, applications, devices, users, and data. Compliance is the process of reviewing security work to ensure that it functions as intended. Compliance is an important component of an organization’s security posture.

Launching a website or an online community brings people together to create and share. The operators of these platforms, sadly, also have to navigate what happens when bad actors attempt to misuse those destinations to spread the most heinous content like child sexual abuse material (CSAM).