Attackers Don't Need to Breach Your API - They'll Breach the Tools That Touch It

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact.

Automated User Management for Atlassian Cloud: Optimize License Costs

User management in Atlassian Cloud has become one of the biggest time sinks for admins. A majority of Jira and Confluence Cloud maintenance time is spent on onboarding, offboarding, and cleaning up inactive accounts. These delays lead to license waste and increased security exposure as ex-employees retain active credentials far longer than intended.

Is PAM Really Solving Security Problems?

Privileged access management has long aimed to control powerful accounts, yet many environments still carry excessive permissions and weak accountability. Password vaults, rotating credentials and stronger governance place controls around admin accounts, linking PAM, access control and identity security to limit damage when something goes wrong.

The Shadow AI reality: Inside Cato's survey results

AI tools have proved their worth in the workplace. They help us write, research, code, plan, and automate. They’re making employees faster and more productive, and helping businesses move and innovate at a pace that wasn’t possible before. But AI’s rise wasn’t orchestrated by IT. It didn’t always arrive through formal adoption plans or procurement cycles. It turned up in shared links to popular GenAI and other tools, self-sanctioned and adopted by users in minutes.

Cloudflare WAF proactively protects against React vulnerability

Cloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF). Cloudflare Workers are inherently immune to this exploit. React-based applications and frameworks deployed on Workers are not affected by this vulnerability.

From manual to intelligent: How the Vanta AI Agent transforms compliance work

Since its launch, teams using the Vanta AI Agent are saving an average of four hours a week—time they can reinvest in building, shipping, and scaling securely. According to a recent Vanta customer survey, 91% of Vanta AI Agent users say it’s improved their audit readiness, and 86% report faster audit preparation overall. Teams had less manual work, fewer last-minute scrambles, and more time to focus on meaningful security improvements.

SpiderLabs Ransomware Tracker Update November 2025: Qilin, Cl0p, and Akira Vie for Top Attacker

LevelBlue SpiderLabs ransomware tracker noted a slight dip in the overall number of attacks that took place in November 2025, but the research team saw the threat group Cl0p surge, conducting 98 attacks during the month, up from just 13 in October. LevelBlue SpiderLabs derived the information from its ransomware-tracking tool, which gathers data from a variety of open intelligence sources and our own proprietary research.

How Exabeam Uses Its Own Security Platform to Defend Against Threats

At Exabeam, we don’t just build a security operations platform — we use it to protect ourselves. In this behind-the-scenes look at the Exabeam Security Operations Center (SOC), you’ll see exactly how Exabeam uses Exabeam to secure our corporate systems, customer data, cloud environments, and internal infrastructure.

Built for AWS. Built for How Security Teams Really Work.

Every security team I meet is dealing with the same pressure: more cloud, more AI, more data, more noise, and less time. The cloud promised speed and flexibility, and it delivered. However, customers are asking for an easier path to understanding what’s actually happening across that environment. That gap, between what teams can see and what they need to see, is where threats hide.