Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you’re a SonicWall partner, chances are 2025 tested your patience, and your margins. Between high-profile breaches, unexpected price increases, and strategic pivots that created more confusion than clarity, many partners were left absorbing the fallout while working harder for less return. As the security landscape continues to evolve, partners deserve a platform that simplifies operations, protects customers, and supports sustainable growth.

AI agents connect to APIs, execute code, move data, and make decisions with real permissions in live production environments — introducing a new class of security risks. To help organizations stay ahead, the OWASP GenAI Security Project released the OWASP Top 10 for Agentic Applications 2026. In this post, we’ll provide a summary of each agentic AI risk category defined by OWASP, along with actionable next steps to begin securing your agentic AI projects in 2026 and beyond.

As with previous years, we asked identity and fraud experts to reflect on the closing year and share a few predictions for the next. You’ll get unique perspectives from fraud fighters, researchers, and an executive. We asked them about unexpected fraud trends, which tactics will become more valuable, leadership’s changing perceptions, and AI, of course. But we kicked things off with a lighthearted question.

In December 12, 2025, Arctic Wolf began observing intrusions involving malicious SSO logins on FortiGate appliances. Fortinet had previously released an advisory for two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) on December 9, 2025. Arctic Wolf had also sent out a security bulletin for the vulnerabilities shortly thereafter.

In 2025, many of the long-standing cloud security concerns remained, but new areas of focus also developed. The significant increase in AI adoption enabled organizations to deliver features faster but also introduced new attack surfaces, such as untrusted or unpredictable user input for large language model (LLM) applications. At the same time, long-lived credentials and vulnerabilities in third-party packages continued to expose cloud environments to risk.

Non-human identities have become one of the most overlooked yet exploited attack surfaces in the modern enterprise. NHIs are entities that interact with systems and services but are not tied to a physical user. As organizations expand across hybrid and multi-cloud environments, thousands of machine-based identities are silently running critical operations, yet most are unmanaged, invisible and vulnerable to abuse.

According to ConductorOne’s 2024 Identity Security Outlook Report, 24% of security leaders say keeping up with new technological advances and attack vectors is their biggest obstacle. Addressing this challenge requires modern solutions that can adapt quickly, centralize visibility and protect privileged access.

Buffalo, NY — December 15, 2025 — Sedara, a managed security services provider delivering comprehensive cybersecurity solutions for organizations of all sizes, today announced it has been ranked on the MSSP Alert 2025 Global Top 250 Managed Security Service Providers (MSSPs) list. This marks the fifth year Sedara has been recognized as a Top 250 finalist, highlighting the company’s continued presence among leading cybersecurity service providers worldwide.

When Kenna launched more than a decade ago, it reshaped an industry that had grown numb to vulnerability overload. Back then, vulnerability management meant looking at mountains of CSV files, scanner reports, and a never-ending backlog of unprioritized issues. Kenna introduced the idea that risk instead of raw counts should determine what gets fixed first. For many security teams, it was the first time they realized they didn’t have a vulnerability problem.

At Pentest People, we’ve always said that technology alone cannot secure an organisation. Firewalls, patching programmes, penetration testing and vulnerability management are all crucial but the reality is that your people remain both your organisation’s greatest asset and one of its most exposed security controls. In fact, while organisations continue to mature their technical controls, awareness training is often where programmes fall behind.