Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Automatic updates were supposed to make us safer. Instead, they’ve become one of the easiest entry points for supply-chain attacks. When a public repository is compromised, an attacker uploads a malicious version and waits, for 30 minutes to a few hours, before the community detects and removes it. During that window, automated tools like Dependabot can pull that version straight into production. That small window of time is enough to compromise thousands of systems.

30% of open source vulnerabilities are marked “unfixable”. Not because they can’t be fixed but because traditional tools stop there. Your customers don’t care. They just see unresolved CVEs. And they won’t sign off on software that fails a scan. That’s where the real business risk lies. In mid-size software companies, “unfixable” means delayed deals, failed audits, and lost revenue. Seal Security was built to close that 30% gap.

Hiring in 2025: Is the person you hired even real? Deepfakes resumes. Outsourced interviews. Candidates landing jobs they never intended to do. We've moved from KYC to KYE, and organizations haven't caught up yet. In the latest episode of The Connectivity Cloud Podcast, we explore how attackers are weaponizing the job market with Vladimir Krupnov and Blake Darché. For anyone in hiring, HR tech, or security leadership, this is a must-listen.

APIs, AI, and the Amplification of Security Risk A10 Networks experts Jamison Utter and Carlo Alpuerto discuss how the rise of Agentic AI is dramatically scaling up existing API security problems, creating an "amplification effect" rather than introducing fundamentally new security challenges.

Google announced Gemini 3 Pro, which they tout as their most intelligent model yet that's best for complex tasks and bringing creative concepts to life. We're going to put this model to the test and see how good it is at fulfilling our prompt with a production ready app and the security of the code it produces.

As boards face AI risk, digital transformation, and evolving regulation, technical expertise has become essential. But when it comes to board seats, CISOs or CTOs are often underrepresented. Speakers Dr. Aleksandr Yampolskiy, Co-Founder and CEO of SecurityScorecard | Beth Stewart, Founder and CEO of Trewstar Corporate Board Services SecurityScorecard monitors and scores over 12 million companies worldwide.

On the 8th night of Scam-mas, Hannah Klein almost fell for a Hanukkah online scam. See how Avast Scam Guardian blocks phishing links and protects personal data. Stay safe from holiday online scams this season! SUBSCRIBE to our Avast channel for more tips, updates, and advice: YouTube.com/Avast CHAPTER TIMESTAMPS: FOLLOW US.

This week’s briefing covers.

This week on the podcast, we go through all six of our cybersecurity predictions for 2026. For each prediction, we'll discuss the trends behind them, why we think they'll hit next year, and some takeaways for people and organizations on how to react to them in the coming year.

Everything doesn't need to be on social media. You're safer online than you think when you stay low-key. Skipping exact locations, keeping details vague... that's cybersecurity without even trying. Keep living in your mystery era. Hackers absolutely hate it.