Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Endpoint detection and response (EDR) tools, and the analysts using them, have become incredibly effective. They have become so good, in fact, that we're now seeing a clear shift in adversary behavior: attackers are being pushed off the endpoint and onto places where EDR cannot run. This isn't just a theory. As I was writing a separate blog about a recent Cisco exploit which spurred an immediate CISA emergency directive, news dropped about another major network edge vendor, F5.

At the AI Agent Security Summit in San Francisco, some of the brightest minds in AI security and top industry leaders gathered to tackle one of the most challenging problems in tech nowadays - how do we secure super smart systems that change at runtime and are designed to think, adapt, and compete? As someone who spends every day turning AI security challenges into tangible solutions, I left the summit both inspired by the innovation on display and concerned by the magnitude of what’s still ahead.

Zero Standing Privileges (ZSP), where no user or system account has access unless there is a task being performed, is a milestone goal for most security teams. No always-on accounts, no secrets sitting around “just in case,” and nothing waiting to be misused. For a long time, privileged access management (PAM) has meant using credential vaults to store, rotate, and protect privileged credentials like administrative passwords, SSH keys, and API tokens.

False positives from security scanners cost one enterprise over 200 developer hours in a single quarter. At a loaded cost of $150/hour, that’s $30,000 in wasted productivity. Frustrated, they disabled their scanners entirely. Multiplied across dozens of teams, this problem costs enterprise organizations millions, and it is not an isolated issue. This impossible trade-off between noise and risk is why organizations need a more intelligent approach to security.

These days it can be hard to tell if something is or isn’t a scam. Take this email I recently received. It claims to be from HP. It included a PDF file attachment: It would be great if it actually told me the product it was referring to beyond some obscure serial number. I checked the serial number. It didn’t match my HP printer sitting next to my desk. All my laptops and older desktop computers are Dell. I didn’t like how it didn’t have my full name. Just Roger. No product name.

Unlike closed-source code or proprietary applications, open source software (OSS) exposes its source code, allowing anyone to view, modify, or contribute to it. This transparency delivers both opportunities and unique threats; developer communities can uncover flaws faster, but attackers can also examine code for weaknesses and even easily leverage known reported open source vulnerabilities.

Organizations that support remote work and third-party access face increased security risks to critical systems. While Virtual Private Networks (VPNs) have been the traditional answer for securing remote access, they cannot keep up with modern security and compliance needs, which can be better managed through a Remote Privileged Access Management (RPAM) solution.

In today’s enterprise environments, endpoints are more than just laptops and desktops. They are the critical bridge where people, applications, and data intersect. While much attention is given to malware prevention and threat detection, one security layer is often underestimated: device control.

This post will describe a long-running spam campaign from a Brazilian group known for using the Lampion stealer. We’ll detail the latest updates on the infection chain and its components, share previously undescribed indicators, and cover key takeaways, including.

AI is rewriting the rules of privileged access, but the rise of AI agents is creating a governance crisis. Threats like credential stuffing and privilege escalation are now accelerated by autonomous systems moving faster than humans can react. 82% of companies deploy autonomous AI agents, but 23% of IT teams admit those bots have already been tricked into revealing credentials—and fewer than half have guardrails in place. In modern infrastructure, machine identities now outnumber humans 80:1.