Microsoft 365 has become the backbone of modern business productivity, with more than 450 million paid seats and over 300 million monthly Teams users. But this widespread adoption comes with a sobering reality: Microsoft 365 is now a prime target for cybercriminals worldwide.

Data is no longer confined to a few clean relational systems. It now flows through microservices, data lakes, event streams, vector databases, and LLM pipelines. Sensitive information spreads quickly, and once it reaches ungoverned surfaces—logs, analytics exports, embeddings—it becomes extremely painful to unwind. Tokenization is one of the few controls that can both minimize data exposure and preserve business functionality.

A critical vulnerability, CVE-2025-66478, has been identified in Next.js applications using React Server Components (RSC) with the App Router. This vulnerability receives a CVSS score of 10.0 and a Bitsight Dynamic Vulnerability Exploit (DVE) score of 7.85. This vulnerability may allow remote code execution (RCE) when affected servers process attacker-controlled RSC requests. CVE-2025-66478 is tied to an upstream React issue (CVE-2025-55182–DVE score 9.15) affecting the RSC protocol implementation.

We recently published a series of polls across our social channels to get a pulse on some of today’s application security concerns with AI. These recent conversations with our community reveal a clear and urgent shift in the application security landscape. Results show that while established challenges like software supply chain security remain top of mind, the rapid pace of AI has created a new center of gravity for anxiety.

In today’s high-turnover work environment, we’re watching something unusual happen: record numbers of security cleared, experienced professionals are re-entering the job market. They’re leaving shuttered programs, reorganised agencies, downsized contractors, and sometimes entire departments caught in a budget reshuffle. Conventional wisdom says these people are an asset anywhere they land.

On December 4, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the Canadian Centre for Cyber Security jointly released Malware Analysis Report AR25-338A analyzing BrickStorm malware, a sophisticated backdoor attributed to the People’s Republic of China (PRC) state-sponsored cyber actors.

A few weeks ago, a cyberattack shut down operations at the Japanese brewery Asahi, disrupting its supply chain and affecting product availability across the country. Incidents like these often take advantage of the complexity of distributed infrastructures, where insufficient segmentation between OT (Operational Technology) and IT (Information Technology) environments lets threats spread laterally uncontrolled.