Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What happens when the AI feature you shipped last quarter is compliant in one region—but illegal today in another? That’s the new normal. In 2025, the EU AI Act, new U.S. state privacy laws, China’s PIPL, and APAC rules are reshaping how organizations collect, process, store, and share data for AI. Privacy isn’t a back-office task anymore; it’s a front-line guardrail for product, security, and data teams.

For government contractors, budgeting isn’t merely a bookkeeping exercise—it’s the pivot point on which projects, compliance, and profitability hinge. Yet, many 8(a) organizations and government contractors still struggle with outdated systems, siloed processes, and compliance complexities that create unnecessary hurdles.

Application environments are more complex than ever, with APIs forming the critical connective tissue. But this proliferation has created a vast, often invisible, attack surface. Security teams are caught in a difficult position: compliance frameworks like PCI and SOC 2 demand API scanning, but offer little guidance. Meanwhile, you’re grappling with incomplete API inventories, and the market is a confusing mix of expensive, hard-to-instrument niche tools.

Imagine a retail chain, CaaT Networkstore, that wants to run a marketing campaign targeting its in-store customers. To do that, they need to know what types of devices their customers are using. They could survey the users, but a better, more accurate approach is to look at their free Wi-Fi logs and count the types of devices customers are using to connect to the network. If the store is small, the solution is fairly trivial.

The recent Zscaler breach has sparked significant attention in the cybersecurity community not just because of its impact, but also because of the complexity of the attack and the multiple claims of responsibility surrounding it. Here’s a breakdown of what happened, who’s claiming involvement, and what we can learn from the incident. This was not a direct hack of Zscaler’s core systems. Instead, it was a supply chain attack that exploited a third-party integration.

Fast-moving cloud environments demand speed, but without the right access controls they invite risk. Resources such as virtual machines, containers, and services are created, modified, and terminated at a rapid pace. At the same time, workloads are becoming increasingly distributed, with data and applications spanning multiple regions, accounts, and even across different cloud service providers (CSPs).

New Linux malware evades antivirus detection, UNC5518 deploys CORNFLAKE.V3 using ClickFix and fake CAPTCHA pages, and a PRC-Nexus campaign hijacks web traffic.

For years, the cybersecurity industry has hyped AI as a game-changer, but what vendors often delivered was basic machine learning driven or simple predefined rules. The rise of ChatGPT and similar tools dramatically reshaped the landscape, prompting vendors to hastily identify real AI use cases in their offerings.

The digital interdependence of today’s healthcare supply chain has created new systemic risks. Cybersecurity is no longer limited to internal systems, but vulnerabilities in the innumerable third-party suppliers can now expose entire networks to disruption. From patient records stored in the cloud to diagnostic tools and logistics platforms, every element is a potential entry point for attackers.

I'm going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code.