Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI adoption is accelerating at an unprecedented rate. A recent McKinsey survey found nearly 80% of enterprises now regularly use generative AI, outpacing the early adoption of both the personal computer and the public internet. Agentic AI—autonomous agents capable of planning, reasoning, and acting on a user’s behalf—has likewise moved from pilots to production, with 79% of senior executives reporting adoption.

Last month, we brought together some of the brightest minds in cybersecurity for our Data Defense Forum event. As someone who's been in the trenches of data security for years, I walked away from these conversations with a renewed sense of urgency and optimism about where we're headed.

Phishing campaigns are often misunderstood. They are not about catching employees doing something wrong. Instead, they are a safe environment to practice the right behaviors.

Phishing remains one of the most persistent cyber threats in the digital age. These attacks trick individuals into revealing sensitive information—like passwords, account numbers, or personal details—through emails, texts, or calls that appear to be legitimate.‍ Despite major advances in cybersecurity, attackers continue to refine their tactics.

Authentication issues seem like low-level attacks. But authentication today – especially API authentication – can be more difficult than people expect. Companies rely on APIs to carry sensitive information every day. If access to those APIs is not properly secured, all the sophisticated security solutions companies use to protect their data elsewhere are completely undermined.

We’re thrilled to announce that Snyk has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Application Security Testing (AST)! This recognition, based on our vision and ability to execute, validates our core mission: to empower developers to build securely from the start while giving security teams complete visibility and comprehensive controls.

As Jaguar Land Rover (JLR) announces a return to operations after a six-week disruption, a lengthier, less publicised UK-based cyber-attack recovery remains unresolved. Perhaps the relative quiet is because Colt Technology Services, a critical connectivity and trading network serving major banks and stock exchanges in ~30 countries, is not a household name like JLR, Co-Op, or M&S. Or perhaps it’s because the narrative doesn’t fit the now-expected Scattered Spider storyline.

The Department of War’s (DoW) new Cybersecurity Risk Management Construct (CSRMC) marks a watershed moment for cyber defense. This move confirms that static, checklist-based security is obsolete. To defend against modern threats, organizations must adopt the continuous and proactive posture management approach experts have been recommending for years.

CISA Emergency Directive 25‑03 mandates that federal civilian executive branch (FCEB) agencies immediately identify and mitigate vulnerabilities in Cisco ASA and Firepower devices. The vulnerabilities, which affect SSL VPN components, can be exploited by attackers to gain unauthorized access and pivot across networks. CISA’s actions are based on observed exploit activity in the wild and the critical role these devices play in public sector infrastructure.