Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Not All Surprises Are Sweet: 5 Hidden Cyber Threats

At first glance, a donut is harmless, maybe even delightful. But take a bite, and you might find something unexpected inside. Raspberry? Custard? Malware? Okay, maybe not malware (hopefully), but that’s exactly how many cyber threats operate: they hide in plain sight, waiting for the moment you drop your guard. This Donut Day, we’re taking a light-hearted look at five cyber threats that appear harmless but pack a punch.

Simplify API Security with Salt Ecosystem Integrations

APIs are essential, but they also represent a growing and complex risk to your organization. Intricate application architectures and an ever-evolving threat landscape already make API security a constant challenge. The increasing reliance on APIs by new technologies, including AI, further amplifies this risk.

What Are The Key Components Of A Successful Human Risk Management Program?

When it comes to cybersecurity, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. Industry studies consistently show that between 70% and 90% of data breaches involve some form of human-related cause—whether through social engineering, errors, or misuse.

Fake MFA Reset Warning Message

A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish). They quickly identified it as a social engineering attack and shared it on our internal communication channel for sharing such things. I have had more and more of these types of similar smishes occurring over the last few months. It is an attempt to trick someone into worrying that their Gemini, Gmail, Microsoft, Instagram…or whatever account…is in the middle of being compromised and you need to react NOW! NOW!

Top Cordless Robotic Pool Cleaners for 2025

It's easier than ever to keep your pool's water sparkling clean and clear without the hassle of scrubbing it by hand - thanks to the advent of the robot pool cleaner. Now, in 2025, the marketplace is awash with high-performing cordless options that leave the old-style, plug-in pool vacuums and skimmers for dead. Smart machines, including the newest pool robots, are engineered to tackle anything from tiny particulates to stubborn algae - no cords, no hassle.

CVE-2025-20286: PoC Available for Critical Cisco Identity Services Engine Static Credential Vulnerability

On June 4, 2025, Cisco released fixes for multiple vulnerabilities, several of which were noted to have publicly available proof-of-concept (PoC) exploit code. The most severe issue, CVE-2025-20286, affects cloud deployments of Cisco Identity Services Engine (ISE) on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).

What Are Non-Human Identities, and Why Should Security Teams Care?

Security breaches are increasingly expensive and harder to spot, extending beyond common attacks like phishing. Attackers are now targeting the least visible parts of your infrastructure: non-human identities (NHIs). NHIs outnumber human identities by 45:1 in cloud environments—these include service accounts, APIs, applications, and bots that interact with systems and access sensitive data.

Using Password 123456 is Bad, but No Password is Worse

An independent cybersecurity researcher claims to have uncovered a breach of an unnamed database containing 184 million records, with exposed information including emails, passwords, and login links. The kicker is that the database was all in plain text and required no password to access. Let’s count how many basic account hygiene rules this breaks—all of them. Yes, more snarkiness, but this type of ineptitude must be called out.