Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.

CVE-2025-25256: PoC Available for FortiSIEM Remote Unauthenticated Command Injection Vulnerability

On August 12, 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralization of special elements used in an OS command within the phMonitor service (TCP/7900). Successful exploitation could allow a remote, unauthenticated threat actor to execute unauthorized code or commands via crafted CLI requests.

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

Enterprise-Grade Automation, Communication, and Risk: Nucleus Q2 Updates

This release raises the bar for enterprise-grade vulnerability and exposure management. We’re delivering on the promise of smarter, faster risk reduction powered by automation, enriched data, and operational depth. From fix-level SLA tracking to scalable API workflows and stakeholder-ready reporting, every enhancement is designed to help teams do more with less, and prove it. Here’s a breakdown of some of the major product updates from Q2 2025.

Automate Repetitive Work With No-Code AI Agent Builder

Egnyte AI agents are smart, task-specific AI assistants built to automate repetitive, time-consuming work, so that your team can stay focused on high-impact and strategic tasks. From reviewing documents to researching topics or translating content, these agents act like always-on digital coworkers who execute task-specific instructions while securely leveraging information contained in your private documents and on the web.

How Effective Is 'Shift-Left Security' for Protecting APIs?

Your API rollout is on track. Code’s tested, endpoints documented. John from security asks for the third revision of your vulnerability assessment, and your release date slips another two weeks. Sound familiar? You are not alone. According to a recent report by Salt Security, 99% of companies reported at least one API security incident in 2024-25. And here’s the kicker: 95% of API attacks come from authenticated sessions, proving that tokens alone don’t cut it anymore.

Securing LLM Superpowers: Navigating the Wild West of MCP

The Model Context Protocol (MCP) is a standardized framework that enables large language models (LLMs) to interact with external tools, APIs, and data sources. While MCP offers powerful integration capabilities across software development, data analysis, automation, and security operations, it also introduces serious security risks. This post provides a technical overview of how MCP works, its architecture, and real-world use cases.

Keeper Security for Government: Zero-Trust Security and Cost Savings

As cyber threats grow more sophisticated, government agencies are struggling to maintain adequate budgets and resources to defend themselves. According to Verizon’s 2025 Data Breach Investigations Report, approximately 88% of data breaches involve the use of stolen credentials, making Identity and Access Management (IAM) essential in protecting sensitive information. The U.S.

7 Benefits of Privileged Access Management for Large Organizations

As IT environments become more complex and the number of privileged accounts increases, organizations face many challenges when managing privileged access, including a larger risk of security breaches. Privileged Access Management (PAM) helps large organizations prepare for growth and security risks by reducing insider threats, enforcing least privilege across all systems and providing centralized control and visibility over privileged accounts.

What You Need to Know about the DaVita Data Breach

DaVita is a healthcare provider based in Denver, Colorado, specializing in kidney dialysis. Founded in 2000, the company’s name is based on an Italian phrase that translates to ‘Giving Life’. Its core values are service excellence, integrity, teamwork, continuous improvement, fulfilment, and accountability. It currently serves 13 countries outside the United States, and its patient base exceeds 200,000. The organization also operates 2,664 outpatient dialysis facilities in America.