Understanding continuous threat exposure management (CTEM)

Continuous threat exposure management, or CTEM, is a five-stage program framework for continuously reducing real-world security exposure. It builds on vulnerability scanning by adding risk-informed prioritization, validation of exposure conditions and control effectiveness, and cross-team mobilization to drive remediation.

GenAI security management: Governing apps, agents and MCP servers through central policy

Author: Alexander Ivanyuk, Senior Director, Technology

Generative AI in business is no longer just one chatbot in one browser tab. In many environments, it is already a mix of web-based AI apps, built-in assistants inside larger platforms, internal agents created for specific workflows and Model Context Protocol (MCP)-connected tools that let AI reach documents, services and business systems beyond the model itself. That changes the conversation completely.

CMMC Affirming Official: FCA Liability Explained

CMMC is one of the most modern cybersecurity frameworks out there, and while it’s limited to just the Department of Defense contractor chain, it’s still very important to know about it if you’re part of that ecosystem. After all, over 300,000 organizations are part of the defense ecosystem and DIB. The point of CMMC is simple: securing controlled unclassified information and federal contract information from top to bottom in the defense supply chain. The details are not so simple.

SecurityScorecard Weekly Brief: The Driftnet Edition on Critical Infrastructure - Gilad F. Maizles

In this week’s Weekly Brief: The Driftnet Edition, Cyber Researcher Gilad F. Maizles breaks down new SecurityScorecard research powered by the company’s acquisition of Driftnet, exposing widespread internet-facing risk inside a U.S. municipal utility provider that also operated as the town’s ISP. “Threat actors will always target the lowest hanging fruit.” Using the Driftnet engine, SecurityScorecard identified significantly more internet-facing services and attack paths than traditional methodologies.

Analyze SMS phishing with an AI agent in Tines

Automate SMS phishing triage with AI — employees upload a screenshot, and Tines handles the rest in under 5 minutes. When employees forward suspicious texts, security teams still have to manually review screenshots, extract indicators, and route cases. This Five Minute Flow shows how to automate the entire process using the Tines AI action with Claude Sonnet — from employee submission to SOC case creation, IOC enrichment, and escalation when multiple employees report the same threat.

AI Alone Won't Stop the Breach: Why Email Security Needs Humans-on-the-Loop

2026 has officially become the year of speed, scale and support. The delta between a phishing email landing and a full organizational compromise has shrunk to mere seconds. The reality by the numbers: To close this window, your defense strategy must evolve into a two-step strategy of accuracy and automation.

How Agentic AI and Automation Are Changing Cybersecurity

There is no question that AI is changing cybersecurity in a massive way. In many respects, its impact is comparable to the rise of the internet. AI tools are helping organizations improve efficiency, automate repetitive tasks, and process data at a speed humans simply cannot match. Unfortunately, the same technology helping defenders is also being adopted by cybercriminals just as quickly. For cybersecurity professionals, keeping up with AI and agentic developments is no longer optional.

Tranche 2 Australia: Who's affected and how to comply

On 1 July 2026, Australia's Tranche 2 reforms take effect. If you're a lawyer, accountant, real estate agent, conveyancer, precious metals dealer, or trust and company service provider, this deadline likely applies to you. Tranche 2 extends Australia's AML/CTF obligations to approximately 100,000 businesses that were previously unregulated.

How to Prevent Credential Stuffing Attacks: Beyond MFA and Rate Limiting

Most organizations think MFA and rate limiting are enough to stop credential stuffing. They aren’t. Attackers have adapted, and the controls that worked five years ago are now routinely bypassed using residential proxy networks, low-and-slow automation, and real-time session token interception.