AI assistants and search tools are woven into daily work. But not all providers handle your prompts, files, or transcripts the same way. Small policy details determine whether your data trains future models, how long it’s kept, and what an auditor will see. If you use these tools in regulated environments, the safest choice to ensure OpenAI data privacy often depends on your specific channel: consumer app, enterprise account, or API.

If you’ve spent any time in the identity security space lately, you’ve probably noticed the word “Fabric” being tossed around a lot. And if you’re like most people, you might be wondering: Is this just another marketing buzzword? Identity environments today are more complex than ever.

Ransomware is the gift that keeps on giving… and taking. I’ve been tracking ransomware for almost nine years now, and I’ve seen it progress from simple and annoying malware to an organization-ending threat for many. I’m not big on pushing FUD (Fear, Uncertainty and Doubt), so when I say that it is one of the biggest cyberthreats to organizations in the small and medium-sized business space, I am not exaggerating.

The eCrime threat landscape in the Asia Pacific and Japan (APJ) region is quickly evolving, driven by a mix of regional and global adversaries. From Chinese-language underground marketplaces facilitating the sale of stolen data and illicit services, to a rise in AI-developed ransomware campaigns, threat actors across the region are seeking new ways to scale and accelerate their operations.

A new survey found that 50% of UK residents aged 16 to 34 cite deepfake nudes as their top worry related to AI technology, SecurityBrief reports. The survey, published by VerifyLabs, found that 35% of Brits across all age groups said sexualized deepfakes of themselves or their children were their top concern. “The study indicated that more than one in three respondents (36%) are also worried about the impact deepfakes could have on their family and friends,” SecurityBrief writes.

Privileged access management (PAM) secures critical accounts and credentials that attackers target to compromise entire systems. By removing standing privileges, enforcing just-in-time access, vaulting passwords, and monitoring sessions, PAM reduces risk and streamlines compliance.

It feels like the security world is caught in a recurring cycle. We see a spike in strange scanning activity, file it away as internet background noise, and then weeks later, a major zero-day exploit drops, targeting the very technology that was being scanned. The recent Cisco ASA vulnerabilities were a textbook example of this pattern. A September 4, 2025, report from GreyNoise highlighted a massive surge in scanning, with over 25,000 unique IPs probing Cisco ASA devices.

Attackers are targeting Active Directory Certificate Services misconfigurations to impersonate admins. Netwrix is closing this gap with monitoring and blocking of suspicious certificate enrollments, easier access to security insights through MCP servers, and real-world validation via Bug Crowd. These innovations advance identity-first security and reduce organizational risk.

How do you find an adversary who lives where you can't easily look? A recent CISA advisory on the state-sponsored actor "Salt Typhoon" highlights this exact challenge. These actors aren't just breaking in; they're moving in. They persist on network edge devices like routers and firewalls—critical infrastructure that often sits outside the view of traditional endpoint security. From this vantage point, they capture traffic, steal credentials, and plan their next move.

In cyber security, two terms are often used interchangeably but mean very different things: penetration testing and red teaming. Both involve authorised simulations of cyber attacks designed to uncover weaknesses, yet they differ in scope, intent, and the insights they provide. A penetration test reveals where defences can be strengthened, while a red team exercise demonstrates how those defences perform under pressure.