Security leaders are being squeezed from both sides. On one side, threat actors are scaling operations with AI automation, using it to craft more convincing social engineering attacks, accelerating reconnaissance, and improving lateral movement. On the other side, defenders are drowning in telemetry, suffering under staffing constraints, and facing the harsh reality that threat actors don’t keep business hours.

Scattered Spider–style attacks increasingly target airline loyalty accounts, where stolen credentials can be used to hijack frequent flyer accounts and redeem miles for fraud. Investigations associated with the Scattered Spider ecosystem show how attackers manipulate impersonation campaigns, phishing infrastructure, and account recovery workflows to gain control of customer accounts. For airline security teams, the lesson is not limited to one threat group.

Connect Okta & Shopify with any apps on the web using Okta Integration with Shopify with Okta as IDP. Enable secure SSO into Shopify Plus and Non-Plus stores, streamlining access for both customers and employees. Okta is a platform in the Identity-as-a-Service (IDaaS) category, meaning it allows you, your colleagues, or customers access to all other (company) software with a single set of login credentials.

On March 12, 2026, Veeam released fixes for multiple high and critical severity vulnerabilities in their Backup & Replication product that could allow remote code execution (RCE), privilege escalation, and credential theft. Arctic Wolf has not identified publicly available proof-of-concept exploits for these vulnerabilities, nor have we observed any exploitation.

One recurring theme in my research and writing on agentic AI security has been the distinction between soft guardrails and hard boundaries. As someone who serves on the Distinguished Review Board for the OWASP Agentic Top 10, and who spends every day thinking about how to secure agents across enterprise environments at Zenity, this distinction is not academic. It is potentially the single most important conceptual framework practitioners need to internalize right now.

Shopify's recent update introduces advanced extensibility features for Shopify customer accounts, significantly enhancing both Direct-to-Consumer (DTC) and Business-to-Business (B2B) customer accounts. This update allows for more seamless and customizable customer interactions, boosting satisfaction and operational efficiency for both types of customers. Shopify has revealed that developers can now access customer accounts using customer account UI extensions, which are currently in developer preview.

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2 has emerged as one of the most widely recognised frameworks for demonstrating product security assurance.

According to a Verizon report, the majority of data breaches are made possible by compromised credentials, especially on email servers. Social engineering, credential phishing and brute force attacks are some of the methods used by malicious actors to steal credentials. To improve the security of Office logins and help prevent data breaches, Microsoft introduced the modern authentication method.

The power of FedRAMP comes from standardization. By setting a firm baseline and forcing cloud service providers to adhere to it if they want to work with the government, a certain mandatory minimum level of security is enforced. A key part of FedRAMP as a security standard is that it’s not a fire-and-forget system. Instead, it involves constant, active vigilance through a process called continuous monitoring.

Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI. Over the last 15 years, he has authored standards, guidance and best practices with ISO, NIST, and other governing bodies. Smith strives to create actionable resources for organizations seeking to minimize technological risk and increase value to customers.