Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Author: Umair Ahmed, Product Marketing Manager, Security Microsoft 365 attacks do not always start with a dramatic zero-day. Many begin with something simpler: a stolen password, a malicious Office file, a user approving the wrong application, or a tenant setting that was left too permissive. For an MSP technician, the urgent question is: Even if Microsoft patched the vulnerabilities inside the platform, are my tenant configurations still exposing my clients to risk?

You’ve set up a WordPress portal for your organization. It could be used for project updates, employee resources, or internal documentation. Everything works fine until you realize each employee now has one more username and password to remember just for WordPress. People forget their logins, reuse weak passwords, or share accounts to save time. IT ends up buried under reset requests, and security takes a hit.

New research shows Microsoft Edge loads all saved passwords into memory in plain text, and Keeper Forcefield is built to protect against exactly this kind of vulnerability. A security researcher recently published a working tool called EdgeSavedPasswordsDumper that extracts credentials stored in Edge directly from the browser’s parent process memory. There is no exploit needed, just sufficient system privileges.

The Anthropic Glasswing initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners. You can find a lot of posts and reactions on social media as it is definitely a big deal that Anthropic is keeping their Mythos Preview model out of general access.

For two decades, VMware was the default answer for virtualization. It worked, it was well supported, and the commercial terms were predictable enough that infrastructure strategy could largely ignore the underlying platform and focus on workloads. Broadcom’s acquisition ended that. Perpetual licences are gone. Product catalogues have collapsed from 168 offerings into four mandatory bundles. Per-core minimums have created fixed costs for capacity many organisations don’t use.

You already know the immense value of open-source Zeek. It provides the absolute gold standard of network evidence, giving you the deep visibility required to defend your organization. You have the right strategic foundation, but the operational workload of managing a do-it-yourself (DIY) deployment at scale is likely draining your energy.

MSPs are managing more assets than ever before and often without a complete picture of what’s actually in their clients’ environments. Every unmanaged device, every unknown application, every blind spot increases exposure and limits how quickly teams can respond. The reality is simple: Asset visibility is the foundation of cybersecurity, resilience and growth. But visibility without action leaves MSPs stuck reacting instead of proactively protecting.

Every day, financial institutions move trillions of dollars on-chain. From tokenizing money market funds to settling trades on private blockchains, financial institutions are swiftly bringing capital on-chain. But the infrastructure for compliance hasn't kept up. It’s not uncommon for investors to verify for KYC multiple times just to trade across chains.

A recent open letter from the UK government on AI-driven cyber threats highlights a clear shift in the threat landscape. Cyberattacks are no longer constrained in the same way by human expertise, as advanced AI models can now help identify vulnerabilities, generate exploit code, and increase the speed and scale of attacks.