Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing your applications couldn’t be more important in today’s fast-moving world of software development. Organizations face mounting pressure to deliver innovative software at an accelerated pace, yet this speed must never compromise security. This is where DevSecOps becomes crucial. With threats constantly getting smarter, developers need effective tools to write secure code right from the start.

We’re thrilled to share that Zenity is included in the unveiling of the Microsoft Security Store Partner Ecosystem. The Security Store is a new marketplace offering from Microsoft that brings together trusted, curated security solutions and AI agents to help organizations navigate the evolving landscape of cybersecurity in the age of AI. The Microsoft Security Store is a strategic leap forward in how security teams discover, deploy, and operationalize technologies that protect their environments.

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

Now introducing task management for Cases!

We’re thrilled to announce that Vanta has signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to make it even easier for businesses to scale securely in the cloud. We’re expanding the reach of our compliance automation and trust management platform, enabling organizations to build stronger security programs, accelerate audit readiness, and demonstrate compliance more efficiently—all while scaling on AWS. ‍

As AI adoption grows, so do the related risks. Organizations are actively looking for strategies to secure their AI systems. According to Vanta’s State of Trust Report, 62% of organizations plan to boost investments in AI security in the next 12 months. ‍ However, another recent survey on AI governance reveals that more than half of organizations find it challenging to keep up with AI security developments.

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This information was derived from a new SpiderLabs ransomware tracking tool that gathers information from a variety of open intelligence sources and our own proprietary research.

The 2025 GigaOm Radar Report for SecOps Automation has named Torq a Leader and Fast Mover. The category’s shift this year away from SOAR to SecOps Automation confirms what SOC leaders already know, and Torq has been saying for years: Legacy SOAR is done. Too rigid, too slow, and too fragile, SOAR can’t keep up with today’s adversaries.

Deploying Web Application and API Protection (WAAP) systems is crucial for bolstering cybersecurity defenses. Akamai reported 108 billion API attacks over an 18-month period, underscoring the value of APIs to cybercriminals. Like any new security measure, the initial deployment brings various challenges during the "Day One" process. These Day One challenges should not compromise security effectiveness or disrupt business operations.

The role of SIEM has never gone away. From the beginning, it’s been the backbone of security operations: the system where logs converge, alerts are analyzed, and incidents are investigated. What’s changed is our ability to use it correctly. Legacy, traditional SIEM tools forced trade-offs. Teams filtered data at ingest, dropped logs to control costs, or siloed analytics into disconnected point tools. The result was a SIEM that felt heavy, reactive, and underwhelming.