%term

What Is the Shai Hulud npm Worm and How to Protect Against It

Jan 6, 2026 By The Apono Team In Apono

Shai Hulud didn’t invent a new supply chain weakness. It took advantage of something most teams already struggle with: long-lived credentials sitting on developer laptops and CI runners. Once it landed in a workstation or pipeline, it went hunting for secrets, then moved into GitHub, npm, and cloud environments. The damage is huge.

Read Post

Apono

Read more about What Is the Shai Hulud npm Worm and How to Protect Against It

Tame the Vault Sprawl: Bring All Your Secrets Under Control in 60 Seconds

Jan 6, 2026 By CyberArk In CyberArk

This 60-second video highlights the growing challenge of secret sprawl—developer-created vaults, duplicate credentials, and inconsistent security policies scattered across cloud environments. It shows how this fragmentation increases risk, complicates compliance, and opens the door to breaches. The video introduces CyberArk Secrets Hub as the solution: a centralized, policy-driven platform that unifies visibility, enforces standards, automates rotation, and preserves existing cloud-native and HashiCorp workflows. The result? Simplified oversight, stronger security, and audit-ready operations.

View Video

CyberArk

Read more about Tame the Vault Sprawl: Bring All Your Secrets Under Control in 60 Seconds

The Need for Speed in Exposure Validation

Jan 6, 2026 By Marc Gaffan In IONIX

In cybersecurity, speed has always mattered, but never as much as it does today. Modern enterprises are operating in an era of constant digital acceleration. Cloud-first strategies, third-party integrations, and remote workforce enablement have massively expanded the digital footprint of nearly every organization. With that expansion has come an explosion in internet-facing assets, many of which sit outside the visibility and control of security teams.

Read Post

IONIX

Read more about The Need for Speed in Exposure Validation

5 Indicators That Standing Privileges Put You at Risk

Jan 6, 2026 By Gabriel Avner In Apono

In most organizations, standing privileges don’t show up all at once. They accumulate quietly. A role is added “temporarily.” A contractor needs broad access to finish a project. A service account gets oversized permissions because no one has time to fine-tune them. None of these choices seem harmful in the moment, but over time they build into a privilege surface that’s far too large and far too easy to misuse.

Read Post

Apono

Read more about 5 Indicators That Standing Privileges Put You at Risk

Keeper Security 2025 Retrospective

Jan 6, 2026 By Keeper Security In Keeper

2025 was a major year for Keeper Security. We grew globally, strengthened our zero-trust and zero-knowledge platform, launched new products and surpassed four million paid users worldwide. We’re reflecting on all that we’ve accomplished. Thank you to everyone who helped make 2025 one of our best years yet!

View Video

Keeper

Read more about Keeper Security 2025 Retrospective

CMMC: From Ignored Compliance to Mandatory Enforcement

Jan 6, 2026 By Baan Alsinawi In CISO Global

Protecting sensitive data does require investment, and that mindset hasn’t been universal. Now, it isn’t an option. It’s time to move from debate to execution.

Read Post

CISO Global

Read more about CMMC: From Ignored Compliance to Mandatory Enforcement

AI-Enabled Cyber Intrusions: What Two Recent Incidents Reveal for Corporate Counsel

Jan 6, 2026 By Daniel Ilan et al. In LevelBlue

This article was authored by Daniel Ilan, Rahul Mukhi, Prudence Buckland, and Melissa Faragasso from Cleary Gottlieb, and Brian Lichter and Elijah Seymour from Stroz Friedberg, a LevelBlue company. Recent disclosures by Anthropic and OpenAI highlight a pivotal shift in the cyber threat landscape: AI is no longer merely a tool that aids attackers, in some cases, it has become the attacker itself.

Read Post

LevelBlue

Read more about AI-Enabled Cyber Intrusions: What Two Recent Incidents Reveal for Corporate Counsel

How Permit-All Mode Simplifies Troubleshooting Across Routing and Firewalls

Jan 6, 2026 By Forward Networks In Forward Networks

When application traffic fails to reach its destination, teams must determine whether the problem lies in routing, firewall rules, NAT behavior, or a combination of all three. In many environments, these components overlap in ways that make traditional troubleshooting slow and error-prone. Engineers often have to run repeated tests, stage changes, or temporarily disable rules to understand why a flow is being blocked.

Read Post

Forward Networks

Read more about How Permit-All Mode Simplifies Troubleshooting Across Routing and Firewalls

How MSPs can solve their Microsoft 365 productivity crisis with AI and automation

Jan 6, 2026 By Lee Pender In Acronis

Microsoft 365 is both powerful and challenging for managed service providers (MSPs). It's nearly ubiquitous at client sites, which means MSPs don't have to worry about managing multiple business suites. Unfortunately, protecting Microsoft 365 isn't easy. Microsoft's own level of protection is limited by design, and MSPs often have to cobble together a collection of unintegrated tools to keep Microsoft 365 data safe for clients. Technicians end up stretched thin as tickets pile up.

Read Post

Acronis

Read more about How MSPs can solve their Microsoft 365 productivity crisis with AI and automation

The Silent Threat to the Agentic Enterprise: Why BOLA is the #1 Risk for AI Agents

Jan 6, 2026 By Eric Schwake In Salt Security

In the race to deploy autonomous AI agents, organizations are inadvertently building on a foundation of shifting sand. While security teams have spent the last year focused on "Prompt Injection" and "Model Poisoning," a much older, more dangerous adversary has quietly become the primary attack vector for the agentic era: Broken Object Level Authorization (BOLA).

Read Post