Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The cybersecurity industry woke up to yet another supply chain nightmare this week. Cloudflare, one of the world's largest web infrastructure companies, confirmed that attackers accessed 104 of their API tokens through the cascading Salesloft Drift breach. This incident perfectly illustrates why modern organizations need to rethink their approach to third-party vendor security.

Quantum computing is no longer a distant threat on the horizon. It is rapidly materializing into a real, operational risk to the foundations of our cybersecurity ecosystem.

When Kubernetes workloads need to connect to the outside world, whether to access external APIs, integrate with external systems, or connect to partner networks, they often face a unique challenge. The problem? Pod IP addresses inside Kubernetes clusters are dynamic and non-routable. For external systems to recognize and trust this traffic, workloads need a consistent, dependable identity. This means outbound connections require fixed, routable IP addresses that external services can rely on.

Microsoft has also been enhancing cloud security by ensuring that multi-factor authentication (MFA) is enabled for all of its Azure and Microsoft 365 administrative accounts. The rollout will begin with Azure portals in October 2025 and progressively to command-line tools, APIs, and Infrastructure-as-Code (IaC) environments in October of that year. For organizations, it means adapting their authentication workflows to align with Microsoft’s phased enforcement plan or risk disruption.

Overprivileged non-human identities expose enterprises to massive risk. Enforcing least privilege with automation and visibility is critical for security.

At the RSAC Conference this year, it seemed that every cybersecurity company had suddenly become an agentic AI company. According to such vendors, AI agents were the solution to every security problem keeping CISOs up at night. The audience, however, was understandably skeptical. Concerns over vendor promises fell into two camps. The first camp: companies that took whatever AI capabilities they had and slapped the word ‘agentic’ on them (aka ‘agent-washing’). Or even worse.

CrowdStrike has been named a Leader in The Forrester Wave: Managed Detection and Response (MDR) Services in Europe, Q3 2025. In this evaluation, CrowdStrike received the highest possible scores in 16 criteria, including endpoint detection surface, identity detection surface, cloud detection surface, managed response: manual and automated, threat hunting, analyst experience, vision, and innovation.

Initially established in 1968, TransUnion was set up as a holding company for the Union Tank Car organization. It entered the credit reporting industry in 1969, following an acquisition of the Cook County Credit Bureau. Over time, TransUnion developed from solely credit reporting to information and insights on a global scale. The official mission of the company is to help people globally access capital and services, thereby emphasizing its role as a consumer advocate.

In our last post, we introduced the Model Context Protocol (MCP), the "brain" or "mission briefing" that guides an AI agent's actions. Most security teams are just getting familiar with prompt injection, the equivalent of tricking an AI with a single, misleading command. But that's like stopping a pickpocket at the door when a master spy is already inside, rewriting the mission plans. As AI agents become autonomous, the attacks become more profound.

Remember when we thought the application layer was where all the fun happened? Firewalls, WAFs, EDR, dashboards galore — the entire security industrial complex built around watching what apps do. Well, with “agentic AI” running the show, that middle ground is turning into a bypass lane. Instead of clicking through UIs or APIs, your AI buddy is making direct system calls, automating workflows at the OS and hardware level.