Small and medium businesses are increasingly exposed to email-based attacks that rely on compromised accounts and trusted communication patterns. In a typical business email compromise scenario, attackers gain access to an executive’s email account and monitor communication over time. This allows them to understand how financial requests are handled and when key individuals are unavailable. At the right moment, they send emails that appear legitimate.

At 1Password, we regularly invite outside experts to challenge our assumptions and strengthen our security. We encourage security researchers to participate in our bug bounty programs, and have spent years building a collaborative research environment. We also believe in the benefit of open source software and standards, which raise the bar for the industry as a whole, while ultimately benefiting our 1Password customers.

Frontier AI is poised to change cybersecurity faster than most organizations can adapt. It’s accelerating vulnerability discovery, which puts new pressure on security teams to handle more vulnerabilities, in less time, with workflows built for much slower technology. The primary challenge of the frontier AI era is not the increase in vulnerabilities. It’s understanding which exposures are most critical and how to address them before adversaries target them.

Since the announcement of the Atlassian Data Center end-of-life, organizations have started planning their migration to the cloud. However, it’s not a simple copy-and-paste job. Over time, your Jira and Confluence instances accumulate years of attachments. These might include screenshots, log files, ZIP files, duplicate uploads, and other items nobody remembers uploading. You might not even realize these files exist until migration begins and the bloat starts causing delays.

As cyber threats targeting critical infrastructure continue to evolve, the energy sector remains a prime target for malicious actors. Protecting the electric grid requires a strong regulatory framework and robust cybersecurity monitoring practices. In the United States, the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) play key roles in safeguarding the power system against cyber risks.

Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat actors. The vulnerability allows unauthenticated attackers to remotely compromise vulnerable systems and potentially achieve remote code execution, putting exposed PeopleSoft environments at immediate risk. What makes this vulnerability especially concerning is that attackers exploited it as a zero-day before Oracle released a patch.

One of the less surprising findings of the 2026 Verizon Data Breach Incident Report (DBIR) is the fact that incidents targeting the Financial and Insurance sector are on the rise. As they put it, “This sector continues to be a favorite among attackers, which isn’t surprising given that its core business is handling money.”