Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An engineer gets a notification at 2 a.m. because something in production is broken. They need database access right away. For many teams, that access is already sitting there. Standing permissions granted for a past need that no longer exists. Credential abuse is still the most common way for a breach to start. It accounts for roughly 22% of initial attack paths, which is actually ahead of vulnerability exploitation at 20%. In many cases, attackers are not breaking in or exploiting a flaw.

Let’s get right to it: Razorthorn Security helps organisations achieve and maintain PCI DSS compliance through expert consultancy, gap analysis and preparation for formal assessment and has been recognised by Gartner as a market leader in PCI DSS QSA services. If you’re handling payment card data, you’ll need qualified support to navigate the 500+ controls that PCI DSS demands.

On February 2, 2026, the Notepad++ open source project disclosed new details about a supply chain compromise that impacted its update delivery infrastructure between June and December 2025. The attack was attributed to state-sponsored threat actors with links to China. In this campaign, the threat actors had gained access to a third-party hosting provider used by Notepad++ to distribute updates.

Artificial intelligence (AI) is no longer an experimental capability in cybersecurity; it is foundational to modern security operations. Organizations are operating in environments defined by cloud-first infrastructure, remote and hybrid workforces, SaaS sprawl, and identity-centric attack patterns. At the same time, threat actors increasingly rely on automation and AI to accelerate reconnaissance, credential abuse, and post-compromise activity.

If one autonomous agent is useful, it is natural to ask whether many agents working together could be dramatically more effective. Over the last few weeks, the AI community has been testing this idea in practice by running large numbers of agents in coordinated swarms. The early results are clear: swarms can be far more capable than individual agents, but only under the right conditions.

Article updated and refreshed February 3rd, 2026. Because the tools you’ve deployed aren’t the same as the ones you’re using. Security teams today aren’t short on tools. Most environments are packed with security controls—spanning email, identity, network, endpoint, and cloud. But despite this abundance, risk remains stubbornly high. Attacks continue to land. Exposure persists. The problem isn’t the absence of controls. It’s the lack of control over the controls.

Article updated and refreshed February 3rd, 2026. When ideal controls aren’t possible, intentional alternatives help reduce exposure. Most security teams know what the “right” controls look like on paper.But real-world environments rarely match the blueprint. Between legacy systems,limited staffing, and overlapping tools, the gap between what’s ideal and what’s feasible is often wide. That’s where compensating controls come in. They aren’t shortcuts.

Modern network surveys provide a structured, repeatable way to uncover the true state of complex environments without intrusive installs or prolonged approvals. This blog explains how Forward Enterprise enables fast, accurate baselining and why understanding actual network behavior is foundational to modernization and mission assurance.

Detectify Internal Scanning is an internal vulnerability scanning solution that brings Detectify’s proprietary crawling and fuzzing engine behind your firewall. Built for AppSec and DevOps teams, it enables authenticated testing of internal applications, admin panels, staging environments, and microservices, all from a single, unified platform. Teams can now monitor both internal and external vulnerabilities side by side, without slowing down release cycles.

Aikido Package Health surfaces the true health of an open source package with a single score. It helps devs understand stability, maintenance quality, and supply-chain risk before installing a dependency. Aikido Package Health is a public service that assigns a clear Health Score to open source packages. It gives you an honest signal about which dependencies are well-maintained and safe to adopt, and which ones might need extra scrutiny before you pull them into your project. The goal is simple.