Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2025, AI is further transforming how software is built—accelerating code generation, testing, and deployment. But while it boosts speed and productivity, AI-driven development introduces new risks that developers and security teams can’t afford to ignore. To secure this next-gen development environment, organizations must understand the evolving threat landscape and adopt smarter, more integrated security strategies.

Threat actors don’t just try to gain access to an organization by targeting a single area of their environment. In today’s complex, connected IT environments, threat actors are utilizing multiple techniques, maneuvering through various parts of an organization’s attack surface, and launching sophisticated attacks across multiple components of the IT environment – from identity to endpoint to the cloud and beyond.

In today's cybersecurity landscape, organizations face an ever-present and often underestimated threat: human risk. Despite significant advancements in technological defenses, human error remains a leading cause of data breaches and security incidents. Multiple industry studies and research reports consistently show that between 70% and 90% of data breaches involve some form of human related cause - whether through social engineering, errors or misuse.

Researchers at Hoxhunt have found that AI agents can now outperform humans at creating convincing phishing campaigns. The researchers state that in 2023, AI-powered phishing was 31% less effective than humans. In November 2024, it was 10% less effective than humans. Then in March 2025, the AI was 24% more effective than humans.

Swissport International AG is the world’s largest ground-handling company, ensuring seamless operations across 276 airports in 45 countries handling approximately 247 million airline passengers per year, as of the end of 2024. That kind of scale brings complexity. For Swissport’s new IT leadership, that complexity had grown into an unsustainable mix of legacy security controls, fragmented remote access solutions, and painfully slow troubleshooting. Then came the shift.

Privileged accounts provide access to an organization’s most sensitive data and systems. The top challenges in managing privileged accounts include a lack of visibility, inconsistent access control policies, weak password management practices and inadequate incident response plans. Continue reading to learn seven common challenges organizations face when managing privileged accounts, and how to overcome these challenges with the help of a Privileged Access Management (PAM) solution.

When it comes to password managers, there are a few common misconceptions, such as them being too risky to trust, vendors being unable to handle outages, the risk of device-side attacks and them being considered a single point of failure. High-profile security incidents have brought into question the security of using password managers; however, cybersecurity experts, organizations and government agencies continue to recommend them as a best practice.

Over the past several days, the cybersecurity community has watched closely as uncertainty swirled around the future of the MITRE-run CVE (Common Vulnerabilities and Exposures) program following a letter to its board of directors that its federal funding could abruptly end. As of this blog posting, news outlets like Reuters are reporting that a last-minute extension has been granted, providing temporary relief.

With DHS ending MITRE’s CVE funding, the future of global vulnerability tracking is uncertain. Here’s what it means for security teams and what comes next.

New attack combines credential phishing and malware, Hunters International pivots to data extortion, and ransomware remains a top threat.