Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Every conversation I have with security leaders about enterprise AI security eventually arrives at the same place: a description of what they've extended. Their data loss prevention tool now flags sensitive data going into prompts. Their SIEM is ingesting AI platform logs. Their cloud security team has added model endpoints to their coverage scope. For many teams, this represents real effort and real progress.

Server backup is one of the most important services managed service providers (MSPs) deliver. Clients rely on servers to run core applications, store critical data and keep daily operations moving. When a server fails, data is deleted or ransomware disrupts systems, clients expect their MSP to recover quickly. That makes the choice of an MSP server backup tool critical. The best server backup for MSPs is not just a utility that copies data.

NGINX administrators are facing back-to-back emergency patch cycles. Within days of each other, two critical heap buffer overflow vulnerabilities were disclosed in the same NGINX component, both capable of crashing worker processes and enabling remote code execution on systems without ASLR. If your organization runs NGINX in any capacity, these need immediate attention.

Your security team has hardened your perimeter. You have MFA enforced, endpoint detection running, and your crown-jewel systems are locked down tight. Then a vendor you onboarded two years ago, a mid-size SaaS tool your procurement team signed off on, gets breached. They had access to your customer data. Now it is your problem. This is the third-party risk problem in one paragraph. And it is why TPRM has moved from a compliance checkbox to a board-level conversation.

In May 2026, Arctic Wolf observed a cluster of malicious activity affecting endpoints managed by FortiClient Endpoint Management Server (EMS). The malicious payload was disguised as a fake Fortinet endpoint patch, but it was actually a credential stealer. We named this payload EKZ Infostealer, based on internal symbol names extracted from decrypted code.

Organizations pursuing CMMC Level 2 readiness are discovering that the hardest challenges sit not in the controls themselves, but in operationalizing them consistently across administrative access, identity enforcement, and audit visibility.

Most malware analysis workflows follow the same pattern: run a set of tools, manually review the output, build detection rules from memory, and repeat. It's reliable, but slow, and for MDR and MSSP teams handling volume, delays have a cost. In this workshop, LimaCharlie Senior Solutions Engineer Chris Botelho demonstrates a faster path: using Claude Code with LimaCharlie's reverse engineering environment to triage, analyze, and build detections against a real malware sample pulled from Malware Bazaar.

There's a new playbook in the supply chain threat landscape, where an someone builds something genuinely useful, growing a real user base. But all while stealing credentials. codexui-android is a remote web UI for OpenAI Codex. Real GitHub repo. Active development. Polished enough to get 27.000 weekly downloads. And for the past month, every single invocation has been quietly exfiltrating your Codex authentication tokens to an attacker-controlled server.

Imagine this: your security team has done everything right. All development teams are using a centrally managed artifact repository with scanning in place. Your engineering organization has clear policies about where packages can come from. You feel good about your software supply chain posture. Then an incident review surfaces something nobody planned for: a compromised npm package entered your environment.

AI inherits the access permissions that accumulated quietly in organizations for years. Frontier models eliminate the obscurity that once limited what attackers, and even employees, could reach. Sensitive data, stale service accounts, and unreviewed permissions now surface in seconds. Governing identity and access before connecting AI determines whether frontier models become a force multiplier or a compounding risk.