Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As the foremost email storage and communications platform, Gmail’s free web-based services have penetrated every market and niche. Billions of people and organized groups depend on the company to provide email storage, organization, and integration. Considering its core importance within almost everyone’s life, there is a high anticipation that its security measures are of the highest caliber. Unfortunately, the corporation was recently the victim of a data breach.

It wasn’t long ago that we uncovered compromised extensions on Open VSX. Now, a new wave of attacks is emerging, and all signs point to the same threat actor. The technique will sound familiar: hidden malicious code injected with invisible Unicode Private Use Area (PUA) characters. We first saw this trick back in March when npm packages used PUAs to conceal payloads. Then came Open VSX. Now, the attacker seems to have turned their sights on GitHub, and their methods are evolving.

Public sector organizations face sophisticated, persistent threats — 38% of public sector organizations say their cyber resilience is insufficient compared to 10% of medium to large private businesses. With sensitive data and critical infrastructure at stake, agencies need tools that enable proactive detection and rapid investigation, all while keeping data inside a secure boundary.

We’re excited to share new updates and enhancements for October, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

The rapid scale of AI development and deployment has introduced a number of unprecedented privacy and compliance challenges for enterprises. IT and compliance teams are looking for solutions that address these concerns without affecting AI adoption. Tokenization has for long been the solution for protecting sensitive data. However, to implement it correctly, it is critical to understand which type fits best – both protect PII but differently.

Organizations running containerized environments face complex security challenges as they scale Kubernetes and adopt dynamic, ephemeral infrastructure. Traditional security tools often miss activity inside containers, making it difficult to detect policy violations or threats at runtime. Falco is a runtime security monitoring tool for containerized infrastructure.

AI agents are moving into the enterprise at full speed. They’re writing code, running analyses, managing workflows, and increasingly shouldering responsibilities once trusted to humans. The opportunity is enormous, but so is the risk. Over-reliance, over-trust, and a lack of guardrails create dangerous fragility. When things go wrong—and they will—enterprises can face three inevitable “panic” moments: unmistakable signs of AI agent failures.

One of the biggest reasons why cybercrime is so bad — and is increasing each year —is that so much of it is committed by foreign nationals who are not physically located in the country they are attacking. This makes it far harder for law enforcement to identify, stop and arrest cybercriminals, as often the victim country’s legal jurisdictions, warrants and courts do not apply in the criminal’s country.

Recharging the battery of phones, tablets, or laptops in public places such as airports, stations, hotels, or cafés is quite normal and convenient. Everybody does it while traveling or working on the go. Most of these charging points rely on USB ports, which not only deliver power but also support data transfer. In recent years, cybersecurity authorities such as the FBI and the Federal Communications Commission (FCC) have warned users about a rising cyber threat known as juice jacking.

Organizations are moving from traditional workstations to advanced, mobile-based solutions. Hybrid working mode is on the rise, and with that, the role of phones and tablets becomes more important. Individuals now work from any location on their mobile devices. But the convenience of working on phones and tablets can turn into a serious security risk if there is no mechanism in place for securing data. This is where tools like MCM clients fill the gap.