Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Helping you stay secure and productive is why we do what we do at 1Password. Whether it’s managing sensitive information across devices or streamlining your day-to-day workflows, you need to protect what matters most, at home and at work. Every day, your feedback helps us find ways to improve 1Password so we can better fit your needs. And with every release, we aim to bring you more features you’ll love.

Last year, we introduced 1Password SDKs — production-ready, open source libraries for Typescript/JavaScript, Python, and Go — to support secure access to secrets stored in 1Password. Today’s release expands those capabilities to provide full programmatic access to 1Password items, including creating, reading, updating, deleting, listing, and sharing information stored in vaults.

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.

CrowdStrike Falcon Cloud Security now delivers real-time detections for AWS IAM Identity Center, helping organizations detect and respond to identity-driven cloud threats before they escalate. A few months ago, we released CrowdStrike Falcon Identity Protection support for AWS IAM Identity Center to help organizations detect and stop identity-based attacks before they could reach the cloud control plane.

Read also: A phishing gang used malware to alter property records, a scammer faces 20 years in prison for remote access fraud, and more.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! We all know about Let’s Encrypt transition to reduced cert lifespan, but now for main stream…

Linux servers have become widely adopted across organizations of all sizes. However, the frustrations of integrating these servers have left organizations struggling to implement strong security procedures, which cyberattacks have exploited for years. For instance, the “perfctl” malware family has been targeting Linux servers and attempting to escalate privileges for over three years.

We are thrilled to announce the general availability of the Tanium Integrations Gallery for Tanium Cloud. This new capability enables users to seamlessly discover, deploy, and manage joint solutions and integrations within the Tanium platform, all without requiring deep technical expertise.

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we will explore ways to increase endpoint security in your organization.

Generative AI has gone from a novelty to an essential part of daily workflows across all teams at an organization. Whether it’s ChatGPT, Microsoft Copilot, Claude, or Google Gemini, employees are using chatbots to copy, paste, summarize, and query data at a pace and scale we have never seen before. Unfortunately, data security has not been a fundamental feature of generative AI as the technology’s popularity and functionality has exploded.