%term

Common PCI DSS Compliance Mistakes

Jan 6, 2026 By Narendra Sahoo In VISTA InfoSec

PCI DSS compliance requires an organizational implementation of the required processes and procedures. Your compliance efforts are typically sabotaged by mistakes made from the top. We’re going to briefly discuss the top PCI DSS Compliance Mistakes that are made and how to avoid them.

Read Post

VISTA InfoSec

Read more about Common PCI DSS Compliance Mistakes

Automated Red Teaming: Capabilities, Pros/Cons, and Latest Trends

Jan 6, 2026 By Tiffany Jennings In Mend

Automated red teaming uses software to simulate cyberattacks and test security defenses, helping organizations find and fix vulnerabilities more efficiently. It automates tasks like credential harvesting, system enumeration, and privilege escalation to test security posture in a continuous, scalable manner. Beyond traditional systems, automated red teaming can also be used for AI systems, where it tests for risks like data poisoning or prompt injection in generative models.

Read Post

Mend

Read more about Automated Red Teaming: Capabilities, Pros/Cons, and Latest Trends

A Practical Approach to Continuous Threat Exposure Management

Jan 6, 2026 By Revashni Moodley In UpGuard

Organizations face a complex cybersecurity conundrum. Attack surfaces are expanding faster than SOC teams can scan. All of which is leading to a never-ending cycle of swivel-chair security, context-free lists, increased alert fatigue, and slow remediation. The strategic pivot needed to combat this is Continuous Threat Exposure Management (CTEM). A structured and essential alternative that moves teams away from reactive scanning to proactive, ongoing validation and prioritization.

Read Post

UpGuard

Read more about A Practical Approach to Continuous Threat Exposure Management

What is Exposure Management? From Visibility to Action

Jan 6, 2026 By Jessica Amado In Seemplicity

Exposure Management has quickly become one of the most talked-about concepts in cybersecurity. This article breaks down what exposure management really is, how it differs from vulnerability management, and why the ability to take action is what ultimately drives meaningful risk reduction.

Read Post

Seemplicity

Read more about What is Exposure Management? From Visibility to Action

Secrets in the Machine: Preventing Sensitive Data Leaks Through LLM APIs

Jan 6, 2026 By GitGuardian In GitGuardian

In this webinar, we break down a simple but increasingly common problem: secrets leak wherever text flows, and modern LLM apps and agentic workflows are built to move text fast. We walk through concrete demos showing how API keys and passwords can surface through RAG-based assistants when secrets accidentally live in knowledge bases (tickets, docs, internal wikis). We also show why “just harden the system prompt” isn’t a reliable fix, and how output-only redaction can be bypassed (for example by simple formatting/encoding tricks). Most importantly, we explore real-world agent architectures.

View Video

GitGuardian

Read more about Secrets in the Machine: Preventing Sensitive Data Leaks Through LLM APIs

When Seeing Isn't Believing: AI Images, Breaking News and the New Misinformation Playbook

Jan 6, 2026 By KnowBe4 Team In KnowBe4

In the early hours following reports of a U.S. military operation involving Venezuela, social media feeds were flooded with dramatic images and videos that appeared to show the capture of Venezuelan president Nicolás Maduro. Within minutes, AI-generated photos of Maduro being escorted by U.S. law enforcement, scenes of missiles striking Caracas, and crowds celebrating in the streets racked up millions of views across various social media channels. The problem?

Read Post

KnowBe4

Read more about When Seeing Isn't Believing: AI Images, Breaking News and the New Misinformation Playbook

What Is the Shai Hulud npm Worm and How to Protect Against It

Jan 6, 2026 By The Apono Team In Apono

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

Read Post

Apono

Read more about What Is the Shai Hulud npm Worm and How to Protect Against It

The Need for Speed in Exposure Validation

Jan 6, 2026 By Marc Gaffan In IONIX

In cybersecurity, speed has always mattered, but never as much as it does today. Modern enterprises are operating in an era of constant digital acceleration. Cloud-first strategies, third-party integrations, and remote workforce enablement have massively expanded the digital footprint of nearly every organization. With that expansion has come an explosion in internet-facing assets, many of which sit outside the visibility and control of security teams.

Read Post

IONIX

Read more about The Need for Speed in Exposure Validation

5 Indicators That Standing Privileges Put You at Risk

Jan 6, 2026 By Gabriel Avner In Apono

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

Read Post