Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most teams think of data lakes as cold storage. A long-term archive. A place to keep logs “just in case” while budgets tighten and ingest volumes rise. Functional, sure. But limited. The traditional data lake keeps everything, helps occasionally, and rarely fits the way analysts work. Graylog approaches the data lake differently. In Graylog 7.0, the data lake is not a warehouse. It is a pressure release valve for teams overwhelmed by storage cost, investigation delays, and cloud data sprawl.

Starting November 10, Phase 1 of the US Department of Defense’s CMMC 2.0 program went into effect, marking the start of a phased three-year rollout. Phase 1 begins with Level 1 and 2 self-assessments and culminates with the full implementation of program requirements in Phase 4. Organizations that fail to demonstrate compliance will not be eligible to bid on U.S. Defense contracts.

We’ve all been there: you send an API request, wait for the response, and boom, you get hit with the “CORS error” pops up in your browser console. For many developers, the first instinct is to find a quick fix: add Access-Control-Allow-Origin: * and move on. However, that approach misses the point entirely. CORS isn’t just another configuration hurdle, but one of the most important browser security mechanisms ever built.

ISO 27001 is a very useful certification for just about any company operating abroad. Comparable in many ways to NIST-based frameworks like CMMC in the United States, ISO 27001 is an international standard built to help organizations of all sizes, in all industries, across all regions of the world, to obtain a high level of standardized information security.

Enterprises searching for proactive cybersecurity tools are looking for one essential outcome: stop scams before they result in credential theft, account takeover, or financial loss. This outcome is critically important because the financial stakes for failure are at an all-time high: according to IBM, the average cost of a data breach involving stolen or compromised credentials is a staggering $4.44M according.

On November 19, 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their advisory, Salesforce indicated that they had notified affected customers directly, and that an investigation is ongoing. Salesforce has not yet provided details about the full scope of the malicious activity.

Your team edits a video in Adobe, reviews slides in PowerPoint, and finalizes copy in Google Docs—all in the same week. Without application interoperability, files get stuck, projects stall, and deadlines slip. That’s why interoperability isn’t a nice-to-have. It’s the backbone of how modern teams work.

This article is part of a monthly LevelBlue series that explores the evolving world of AI governance, trust, and responsibility. Each month, we look at how organizations can use artificial intelligence safely, thoughtfully, and with lasting impact. Artificial intelligence has moved from being an experiment to becoming an expectation. It now shapes how decisions are made, how customers are supported, and how innovation happens. As AI grows in influence, so does the need to manage it wisely.

A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year. “This rise in deepfakes is part of a broader trend of increasingly sophisticated attacks driven by injection attacks, which surged 40% year-over-year,” Entrust says.

On the eve of KubeCon 2025, experts from companies like Uber, AWS, and Block shared how SPIRE and workload identity fabrics reduce risk in complex, cloud-native systems.