Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Identity-related threats are draining time and resources faster than security teams can keep up. The challenge is no longer just about stopping breaches; it’s about keeping up with the scale of alerts and risks. On average, organizations spend 11 person-hours investigating each identity-related security alert. Meanwhile, credential theft has soared 160% in 2025, making privileged accounts and non-human identities (NHIs) a prime target for attackers.

Headless commerce is changing the way e-commerce businesses operate, offering them more flexibility and performance. For Shopify merchants, using Shopify Headless Commerce with Hydrogen means more design freedom and faster storefronts. But don’t overlook one crucial element: Single Sign-On (SSO).

The regulatory landscape for AI and privacy reached a turning point in 2025. The headlines are familiar: laws multiply, consumer expectations harden, and enforcement accelerates. What is different this year is the shift from occasional audits to always-on proof. Regulators and enterprise customers want to see working controls inside your pipelines, not just policy PDFs.

A critical security vulnerability (CVE-2025-10035) has been identified in GoAnywhere MFT, a widely used file transfer solution developed by Fortra. This software is commonly deployed to securely transfer sensitive data such as financial records, HR files, legal documents, and personally identifiable information (PII). Currently, CVE-2025-10035 is rated at a 10.0 (critical) on the CVSS scale and a 9.23 out of 10 on Bitsight’s Dynamic Vulnerability Exploit (DVE) scale.

One unmanaged machine identity—whether a TLS certificate, SSH key, code signing certificate, or API secret—that’s all it takes to crash your website, halt transactions, and leave customers complaining about you in the comments. No one is immune. In fact, 83 percent of organizations have experienced a certificate-related outage in the past 24 months. Even tech giants recently made headlines after expired renewals triggered hours of downtime and millions in lost revenue.

Back before live security video feeds in homes, people would walk around at night checking to make sure they locked every window and door. They took these precautions because they knew that a single open lock gave burglars an opportunity to steal from them. For organizations, vulnerability management programs are a way to lock the doors against cybercriminals.

No principle is more frequently praised yet ignored than the principle of least privilege in cybersecurity. It’s the equivalent of locking your server room but handing everyone the master key “just in case.” Considering the current threat landscape, which is rife with credential leaks, ransomware, insider incidents, and careless automation, complacency is not only costly but also dangerous. And above all, reckless.

Ben Reardon, Lead Researcher Corelight Labs / NOC crew I'm a researcher on the Labs team at Corelight and, for me, working in the Black Hat Network Operations Center (NOC) at the USA show in Las Vegas is up there as one of the most interesting and intense activities on the calendar.