Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Just-in-time (JIT) access isn’t easy. This Reddit thread of cybersecurity pros surfaces many of the most common JIT headaches — and you may be encountering those same challenges yourself. As noted in the thread, no users should be “swimming in access”, especially as standing privileges and over-permissioned accounts continue to be a major source of breaches. The truth is, many JIT models struggle to keep up with today’s fast-moving, cloud-native environments.

Modern infrastructure is already complex, characterized by distributed environments, multi-cloud deployments, and dynamic change. Now add Large Language Models (LLMs) to the mix, and the challenge grows exponentially. Engineering leaders are under pressure to deliver innovation fast, while also safeguarding against breaches, misconfigurations, and human error. That’s why initiatives like eliminating static credentials, enforcing just-in-time access, and reducing SSH key sprawl are gaining traction.

Is your team's favorite new productivity tool also your biggest data leak waiting to happen? Generative AI (GenAI) assistants like ChatGPT, Microsoft Copilot, and Google Gemini have quickly moved from novelty to necessity in many workplaces. These tools use machine learning and advanced algorithms to help employees draft content, analyze data, and even write code faster than ever before.

The best way to understand real-world attacks is to observe them in the wild. Following this principle, our research team set up a decoy Kubernetes workload designed to attract malicious actors – a honeypot in a Kubernetes cluster we named the “Honey-pod.” Inside this pod, we deployed Apache Druid, a popular open-source analytics database known for its scalability and, unfortunately, for a history of exploitable vulnerabilities.

Databases are an integral part of modern IT infrastructure and power almost every modern application. After all, databases store the persistent information that applications run on. That’s why monitoring these databases is crucial: ensuring system health and performance and forming a vital component of any observability practice.

Safepay is a newcomer to the ransomware landscape. Since its first published attack in October 2024, the group has attacked over 50 organizations worldwide. SafePay maintains a dark web blog and a presence on the TON network for victim communications. The group employs the increasingly common double extortion model, combining data encryption with the theft of sensitive information to pressure victims into payment.

A new report from Sophos found that ransomware attacks accounted for over 90% of incident response cases involving medium-sized businesses in 2024, as well as 70% of cases involving small businesses. “While the overall number of incidents in 2024 was slightly down—in part because of better defenses and the disruption of some major ransomware-as-a-service operators—ransomware-related crime is not fading away,” Sophos says.

According to our independent survey of individuals across the UK, USA, Netherlands, France, Denmark, Sweden, the DACH region, and Africa who use a laptop as part of their work, 90.1% find simulated phishing tests relevant. What’s more, 90.7% agreed that these simulations improve their awareness of real phishing attacks.

Imagine this: a customer clicks a paid search ad that looks exactly like your brand—same logo, same layout, even your brand tone. They enter their login credentials, maybe their payment details… and they’ve just handed everything over to a scammer. This is domain spoofing in 2025. And it’s scaling faster than most businesses are prepared for.

Welcome to the 2025 Identity Security Landscape rollout—and to the “it’s complicated” phase of our relationship with AI. Each year, CyberArk surveys security leaders across the globe to understand their top identity security concerns. This year, AI delivered the trifecta: attack weapon, defense tool and risk multiplier.