Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A brute force attack is a method cybercriminals use to guess login credentials through repeated attempts until one works. It’s a simple idea that’s evolved into one of the most persistent enablers of account takeover (ATO). According to the 2024 Verizon Data Breach Investigations Report, brute force and credential-stuffing techniques accounted for nearly 70% of all password-related breaches that year, underscoring how these attacks remain a dominant entry point for ATO.

AI agents aren’t waiting in the wings anymore. They’re approving payments, spinning up cloud resources, and pulling sensitive data at machine speed. Blink, and a swarm of them has already acted a thousand times before anyone can check the logs. But with all that speed and capability comes risk. For many teams, it’s the authentication model—not the tech—that’s breaking.

I have never been one to jump on most technology bandwagons early; I am very pragmatic about what technology can do rather than what it promises. This extends to generative AI. I was not the first to play with ChatGPT and Gemini when they came out in the early 2020s. Maybe it’s because I work in fields that use machine learning very effectively. Even though I was aware of the leap Google made in 2012, I wasn’t eager to dive into the new wave of AI when it first appeared.

A phishing campaign is impersonating Google Careers to target job seekers, according to researchers at Sublime Security. “The scam is simple,” the researchers write. “An adversary sends an ‘are you open to talk?’ message impersonating an outreach email from Google Careers. If the target clicks the link, they’re taken to a landing page designed to look like a Google Careers meeting scheduler. From there, they’re taken to the phishing page.

In early September 2025, attackers used a phishing email to compromise one or more trusted maintainer accounts on npm. They used this to publish malicious releases of 18 widely used npm packages (for example chalk, debug, ansi-styles) that account for more than 2 billion downloads per week. Websites and applications that used these compromised packages were vulnerable to hackers stealing crypto assets (“crypto stealing” or “wallet draining”) from end users.

For organizations in air-gapped environments with no external network connection, implementing the latest search and AI technology can be challenging, often to the point of impossibility. However, Elastic’s customers in highly sensitive industries, such as national security and defense, have relied on Elastic’s agile technology for over a decade, trusting it for mission-critical use cases in air-gapped environments or even on tech kits.

The era of agentic commerce is coming, and it brings with it significant new challenges for security. That’s why Cloudflare is partnering with Visa and Mastercard to help secure automated commerce as AI agents search, compare, and purchase on behalf of consumers. Through our collaboration, Visa developed the Trusted Agent Protocol and Mastercard developed Agent Pay to help merchants distinguish legitimate, approved agents from malicious bots.

Cybercrime is growing at a rapid pace. Although there are security products available to counter different cyber threats, managing too many security products can be a daunting task. It’s neither easy nor cost-effective to manage numerous separate security products. Organizations are looking for ways to consolidate multiple security functions into a single network security appliance because it is easier to manage and is more cost-effective.

Earlier this year, we showcased how the Foundation-Sec-8B model’s chat capabilities can be leveraged within the Splunk App for Data Science and Deep Learning (DSDL) to summarize security events and provide detection suggestions. Building on its robust security expertise, Foundation-Sec-8B also supports zero-shot classification for a wide range of security tasks.