Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Source code management (SCM) and CI/CD pipelines have become the industry standard for automating software delivery. But from the time a code change enters your SCM until it’s deployed, it’s susceptible to changes and reconfigurations that can go so far as to modify the pipeline itself. If you’re not proactively securing your CI/CD system, attackers can use it to grant themselves permissions, access secrets, and ship malicious code.

VMware costs are climbing. Broadcom’s acquisition reshuffled licensing terms, and IT teams everywhere are looking for a way out. SUSE Virtualization is one of the options getting serious attention, and for good reason. It’s an open-source, Kubernetes-native platform that runs virtual machines and containers in a single environment instead of forcing you to manage two separate stacks.

NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.

Most cloud services today are available to customers based on what is known as the “shared responsibility model”. This applies to Microsoft 365 services and apps. Although Microsoft 365 data is stored in the cloud, this user data should be backed up by the customers. This blog post explains why you should back up Microsoft 365 data, backup features, challenges, and how to back up Microsoft 365 effectively.

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.

The AI SOC has arrived. According to the 2026 AI SOC Leadership Report, 94% of organizations are using AI in the SOC in some capacity. The question in 2026 is no longer whether to adopt AI-driven SOC automation, but rather how to do so. Is the architecture behind that adoption actually working?

Voice phishing (vishing) overtook email-based phishing as a top initial intrusion vector in 2025, according to a new report from Mandiant. Notably, vishing is live and interactive, giving the attacker more control over the social engineering objectives. “While email phishing often relies on volume and opportunistic delivery, interactive methods involve a live person steering the conversation in real-time,” Mandiant says.

New age mandates continue to emerge across the world. For product managers, compliance officers, and legal professionals responsible for implementing age assurance, understanding internationally recognized frameworks is essential. ISO 27566 and IEEE 2089 are the two leading internationally recognized standards for age assurance referenced by regulatory bodies creating guidelines for recent age mandates. While both standards address age assurance, they serve complementary purposes.

TLDR: We attended Cyber Security 2026: Kritisk infrastruktur in Stockholm, and the reality check was simple: “breakout time” has hit a record low of 29 minutes. If you’re still scanning monthly, you’re defending a version of your infrastructure that doesn’t exist anymore. The time it takes for an attacker to move after a breach has dropped to just 29 minutes. In 2021, we talked about a “breakout time” of 100 minutes. Today?