GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

When a fast-scaling digital bank began seeing widespread employee adoption of generative AI tools like ChatGPT and Gemini, their security team faced a growing dilemma: how do you protect sensitive data without shutting down innovation?

The 2025 GigaOm Radar Report for SecOps Automation has named Torq a Leader and Fast Mover. The category’s shift this year away from SOAR to SecOps Automation confirms what SOC leaders already know, and Torq has been saying for years: Legacy SOAR is done. Too rigid, too slow, and too fragile, SOAR can’t keep up with today’s adversaries.

We’re thrilled to share that Zenity is included in the unveiling of the Microsoft Security Store Partner Ecosystem. The Security Store is a new marketplace offering from Microsoft that brings together trusted, curated security solutions and AI agents to help organizations navigate the evolving landscape of cybersecurity in the age of AI. The Microsoft Security Store is a strategic leap forward in how security teams discover, deploy, and operationalize technologies that protect their environments.

Despite having modern DLP and CASB tools in place, they lacked the behavioural insights and real-time context needed to guide employee use of GenAI tools. Shadow AI use was growing, and SecOps lacked clear visibility into which incidents required intervention.

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This information was derived from a new SpiderLabs ransomware tracking tool that gathers information from a variety of open intelligence sources and our own proprietary research.

Securing your applications couldn’t be more important in today’s fast-moving world of software development. Organizations face mounting pressure to deliver innovative software at an accelerated pace, yet this speed must never compromise security. This is where DevSecOps becomes crucial. With threats constantly getting smarter, developers need effective tools to write secure code right from the start.

Stripe OLT has achieved the Microsoft Cloud Security Specialisation, strengthening our position as one of the UK’s leading IT and Cyber Security providers. This certification – as well as our prior Microsoft Threat Protection Advanced Specialization certification – demonstrates our proven expertise in securing cloud environments with Microsoft’s advanced security tools.

The role of SIEM has never gone away. From the beginning, it’s been the backbone of security operations: the system where logs converge, alerts are analyzed, and incidents are investigated. What’s changed is our ability to use it correctly. Legacy, traditional SIEM tools forced trade-offs. Teams filtered data at ingest, dropped logs to control costs, or siloed analytics into disconnected point tools. The result was a SIEM that felt heavy, reactive, and underwhelming.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ouch. Really ouch. Just a hop and a skip away: I suppose it is fair to point out that you need physical access to perform this. Hard, but not impossible: A win is a win.