Principles in Practice 2: Authorization Should Be Deterministic, Not Probabilistic

Here’s the reality: AI unlocks incredible innovation, but it also introduces real security risk. LLMs are probabilistic, which makes them great for generating code or summarizing data, but unreliable when it comes to enforcing access. Security requires verifiable, rule-based truth. At 1Password, our approach to AI keeps authorization in a secure, auditable flow so you always know who is accessing what, and why.

CVSS 10.0 CVE in React & Next.js: How You Can Stay Safe

On December 3rd, CVE-2025-55182 was published by CISA. This CVSS 10.0 vulnerability allows unauthenticated remote code execution, where a threat actor can exploit a flaw in React’s process to decode payloads sent to React Server Function endpoints. It is important to note that while not every team is using React Server Function endpoints in their app, they still may be vulnerable if their app supports React Server Components.

What is Tech Facilitated Abuse? A Guide to Online Gender-Based Violence

Technology is part of everyday life, offering connection and convenience. For many women and girls experiencing gender-based violence in the UK, that same technology is increasingly used as a tool of control, surveillance and harm. Understanding how this abuse works is essential for safeguarding and accountability.

Why Customer Support Teams Need Modern DLP for Zendesk

Customer support teams face an impossible paradox: they need to help customers quickly, but customers routinely share sensitive information that creates compliance risks and security exposure. Credit card numbers pasted into chat. Driver's licenses attached to verification tickets. Medical records uploaded to troubleshoot healthcare apps. Social security numbers submitted through web forms. Traditional DLP wasn't built for this reality.

Emerging Threat: CVE-2025-55182 (React2Shell) - React Server Components RCE Vulnerability

On December 3, 2025, the React team released patched versions of the affected React Server Components packages. Framework vendors, including Next.js, provided updated builds on the same day. Any environment using React Server Components or frameworks that embed the RSC pipeline should.

The Mythical 1+1=3 Model in Cybersecurity

The mythical 1+1=3 model in security? It happens when the tools you already own stop working in isolation — and start working as a system. Jay Wilson and Garrett Hamilton dig into why Reach’s platform approach matters: not just enhancing individual controls, but creating compounding value across identity, endpoint, email, and network. When visibility, configuration, and enforcement align, the outcome isn’t incremental — it’s exponential.

Building Customer Trust at Scale with Trust Centers

In a world where 86% of enterprise buyers bail if they can’t verify security early, the demand for transparency has reached a critical point. Every vendor claims to have security certifications, compliance badges, and rock-solid infrastructure, but how can buyers verify these claims when they’re hidden behind emails or buried in 400-page PDFs?

Indirect Prompt Injection Attacks: A Lurking Risk to AI Systems

The rapid adoption of AI has introduced a new, semantic attack vector that many organizations are ill-prepared to defend against: prompt injection. While many security teams understand the threat of direct prompt injection attacks against AI agents developed by their organizations, another more subtle threat lurks in the shadows: indirect prompt injection attacks.

AI in IAM: How much value is it really providing?

Let’s face it, AI is everywhere now. It has moved from novelty to necessity, reshaping the way we work, make decisions and secure our organizations. It guides how we plan trips, shop for essentials and discover information – but one of its most profound impacts is happening across enterprise environments.