Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Digital Operational Resilience Act (DORA) introduces a unified framework for managing ICT risk across the European financial sector, with key requirements, including penetration testing, coming into force in 2026. Its aim is to ensure that regulated organisations, and the critical third-party providers they rely on, can withstand, respond to and recover from operational disruptions. Within this context, operational resilience and robust ICT risk management become central to regulatory expectations.

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo Your SOC received 10,000 alerts yesterday. How many were real threats? Most SOC teams operate in a constant state of triage. Alerts pour in from dozens of tools, each one demanding attention, each one potentially critical. The reality? Your analysts are making high-stakes decisions about which alerts to investigate based on gut instinct and whatever time they have left in their shift.

Jan 13, 2026 Vibe Coding and GenAI Security: Balancing Speed with Risk Read More Natalie Tischler Jan 8, 2026 Top 10 Challenges in DevSecOps Adoption Read More Natalie Tischler Jan 6, 2026 Looking Ahead at 2026 with Gartner: How Smarter Teams and Tools Are Making Application Security a Breeze Read More Joe Ariganello.

We just published the CertKit roadmap.

In conversations about AI, there’s a tendency to treat the future like a horizon we’re walking toward, always somewhere ahead, always a question of when. But if we look closely, the forces reshaping work, identity, and security beneath the surface are far more consequential than most people realize. More importantly, that reshaping is already happening.

For fraud fighters, link analysis tools like Persona’s Graph are becoming essential for stopping account sharing, deepfakes, identity mules, and other forms of sophisticated or scaling fraud attacks. Since we launched Graph in early 2023, we’ve spent countless hours gathering feedback from customers, investigating the latest fraud vectors, and testing new technology. Graph is a better product as a result, and we want to share six improvements that are helping fraud fighters today.

Security professionals often compare their jobs to a game of “Whack-a-Mole,” the arcade game where players try to hit little plastic moles on the head. The moles pop up in a randomly generated way, making it difficult to predict which one will show its little head next.

For a long time, cybersecurity has been built around two basic actions: detecting and responding to cyber threats. However, automated attacks, advanced malware, and AI-driven threats show that reacting is no longer enough. Today’s attacks move fast, and in most cases, the damage is already done by the time they are detected. This is nothing new: organizations need to get ahead of risk and protect their systems before incidents occur.

Fast-paced changes in technologies, regulations, and growth expectations can quickly shift your risk environment. Without a structured approach to managing these risks, even the most innovative organizations can face costly disruptions, security incidents, and compliance missteps.

In 2026, incident response (IR) will continue its shift away from traditional malware-centric investigations toward identity-driven intrusions, abuse of trusted cloud services, and low-signal, high-impact activity that blends seamlessly into normal business operations. Rather than relying on technical exploits, threat actors are prioritizing legitimate access, persistence, and operational efficiency, enabling them to evade users, security controls, and automated detection.