Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The New Year is upon us and with a new year comes new changes. Cyber Santa is back with his predictions for the coming year and how cyber will evolve in the next 365 days. SecurityScorecard CISO Steve Cobb returns in his jolly red hat and white beard to shake his snow globe and see what's ahead for the cybersecurity industry in 2026 and what you need to know going into the new year. CISO responsibility, data sprawl, and AI governance are the top 3 on the list of emerging priorities.

“If you are solving problems at human speed, you are at a huge disadvantage, because your attackers are operating at machine speed.” As cyber risk – in both the financial services sector and more broadly – accelerates at the pace of automation and AI, securing our future requires practitioners to be more strategic than the threat actors after our assets.

This was a busy year for the Adversary Universe podcast. We covered the emergence of new adversaries, the weaponization of AI, critical CrowdStrike research, and how cyberattacks look in different regions of the world.

The 2025 review highlights how blame culture still drives incident hiding in cybersecurity, even as risk grows. A simple “reasonable challenge” guide, with set phrases for raising and receiving concerns, offers a practical way in 2025 to support psychological safety, early reporting and better security governance.

Security exposure doesn’t take a day off. Rain, snow or shine, environments keep changing. Controls drift. Configs break. Risk quietly piles up. Reach was founded to help organizations find and fix hidden risk and exposure. Traditional approaches surface issues — dashboards, alerts, findings — but stop short of actually fixing them.

Next up is ggshield secret scan ci, the mode built for continuous integration, not your local machine. In this section, we’ll show how CI scanning works and why it’s different. Instead of scanning your whole repo, it scans the set of commits that triggered your pipeline, whether that build came from a direct push or a pull request. That means you catch secrets at the exact moment they’re introduced, before they get merged or released.

Can an under-the-radar AI tool actually build a secure, functional CRUD note-taking app from scratch? In this video, I put GitHub Raptor Mini to the test to see if it can design, implement, and reason through a real-world CRUD application — including authentication, data handling, and basic security considerations.

The Razorwire Christmas Party 2025 episode looks at how decision culture shapes security outcomes across the year. Frontline staff need room to break the chain of command when something feels wrong, so protection in 2025 depends on people lower in the hierarchy raising hard questions and taking timely action. cybersecurity podcast, razorwire podcast, razorwire christmas party, razorthorn, 2025 cybersecurity review, decision making in security, breaking chain of command, frontline empowerment, zero trust culture, organisational trust, incident response decisions, helpdesk security, security leadership.

The 2025 year in review episode shows how advanced threat groups rely on simple steps, from infostealer credentials to AI voice tools, to work through helpdesks. Native language, fake confusion and social engineering still unlock password resets in 2025, opening the door to ransomware and double extortion across networks.

Now we’re getting to the heart of ggshield: secret scanning. In this section, we jump into ggshield secret and its two subcommands, ignore and scan. Ignore makes a lot more sense once you’ve seen scan in action, so we start by learning what ggshield can scan and why it’s so flexible across the development lifecycle. We’ll open the help menu so you can see every scan target available: ggshield secret scan -h.