%term

My First RSA: Agents, Challenges, and Community

Mar 31, 2026 By Kayla Underkoffler In Zenity

I am no stranger to conferences, and certainly no stranger to security conferences. Over the years, BlackHat and DEFCON have both become staples of my calendar. But this year brought a new one to the list: RSA, and it truly lived up to the hype. The show floor was full of bright lights, fancy booths, and yes, tattoos, if you knew where to find them.

Read Post

Zenity

Read more about My First RSA: Agents, Challenges, and Community

Observe-to-Enforce: How Progressive Security Policies Reduce Blast Radius

Mar 31, 2026 By Shauli Rozen In ARMO

Last Tuesday, your security architect opened a pull request to add network policies to the payments namespace. The PR sat for six days. Three engineers commented with variations of “how do we know this won’t break checkout?” Nobody could answer. The PR got marked “needs discussion” and moved to a backlog column where it joined the fourteen other security hardening tickets nobody will touch.

Read Post

ARMO

Read more about Observe-to-Enforce: How Progressive Security Policies Reduce Blast Radius

Ransomware with a Twizt: Inside the Phorpiex Botnet

Mar 31, 2026 By Threat Research Team In BitSight

Phorpiex, also known as Trik, is a resilient and long-running botnet with a history dating back to 2011. While it has grabbed some headlines, its sustained presence and adaptability make it a subject of ongoing concern for the cybersecurity community. Phorpiex has consistently demonstrated its capability to evolve, shifting from a pure spam operation to a sophisticated platform.

Read Post

BitSight

Read more about Ransomware with a Twizt: Inside the Phorpiex Botnet

Axios NPM Supply Chain Compromise

Mar 31, 2026 By Tom Keech In Sentrium

The JavaScript ecosystem experienced a significant supply chain incident on 31 March 2026 when two newly published Axios versions were found to contain a malicious dependency. Axios is one of the most widely used HTTP clients in both browser and Node.js environments, with weekly downloads ranging from 80 to over 100 million. The compromise impacted organisations across sectors that rely on the package for service integration and automation.

Read Post

Sentrium

Read more about Axios NPM Supply Chain Compromise

When AI Stops Assisting and Starts Acting

Mar 31, 2026 By Tanium In Tanium

For decades, the service desk has operated on a simple assumption: humans must interpret every IT problem before action can be taken. A ticket is created. Teams investigate. Data is pulled from multiple tools. Eventually someone determines the root cause and decides what to do next. It works - but it's slow, reactive, and heavily manual. That assumption is starting to change. With Tanium AI agents in ServiceNow Now Assist for ITSM connected to Tanium's real-time endpoint intelligence, machines can now understand issues, analyze live telemetry, and recommend or execute remediation in seconds.

View Video

Tanium

AI
Security

Read more about When AI Stops Assisting and Starts Acting

World Backup Day isn't just a date. It's a Reminder Most of us Ignore - Until It Hurts.

Mar 31, 2026 By Pranav In BDRSuite

I’ve spoken to enough business owners over the years to notice a pattern. Nobody thinks about backups on a normal day. But the moment something breaks – during a war,...

Read Post

BDRSuite

Read more about World Backup Day isn't just a date. It's a Reminder Most of us Ignore - Until It Hurts.

New integrations between 1Password SaaS Manager and EPM

Mar 31, 2026 By 1Password In 1Password

Most organizations can tell you which apps sit behind SSO. Far fewer can tell you what other apps teams are using, or who has access to the credentials.

Read Post

1Password

Read more about New integrations between 1Password SaaS Manager and EPM

Securing AI Agents on GKE: Where gVisor, Workload Identity, and VPC Service Controls Stop Working

Mar 31, 2026 By Shauli Rozen In ARMO

You enable GKE Sandbox on a dedicated node pool, bind Workload Identity Federation to your AI agent pods, wrap your data services in a VPC Service Controls perimeter, and deploy your agents with the Agent Sandbox CRD using warm pools for sub-second startup. Your security posture dashboard shows every control configured and active. And then an attacker uses prompt injection to trick an agent into exfiltrating sensitive data through API calls that every single one of those layers explicitly allows.

Read Post

ARMO

Read more about Securing AI Agents on GKE: Where gVisor, Workload Identity, and VPC Service Controls Stop Working

The High Cost of Low Trust: Our Commitment to Radical Transparency

Mar 31, 2026 By Ross McKerchar In Sophos

Only 5% of organizations fully trust their cybersecurity providers. Let’s do better. In our industry, trust isn't an abstract concept. It’s the currency of cybersecurity – the foundation of every partnership we build and every protection we provide. However, a recent independent, vendor-agnostic survey of 5,000 cybersecurity decision-makers across 17 countries reveals a stark reality: we’re facing a trust crisis.

Read Post

Sophos

Read more about The High Cost of Low Trust: Our Commitment to Radical Transparency

A first step toward post-quantum security

Mar 31, 2026 By Daryl Martin In 1Password

At 1Password, our mission is simple: to protect people’s most critical information, their credentials. At the time of writing this post, I personally have 291 items in my vault, so the long-term confidentiality of this data is critical to myself and every 1Password user. We are thrilled to announce the first major milestone in our post-quantum cryptography (PQC) journey, the successful deployment of PQC on 1Password’s web application.

Read Post