Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What permissions are developers granting to Claude Code, and could those permissions pose a risk if the coding agent were exposed to malicious inputs? To answer this question, we turned to GitHub, the website where developers go to share their private configuration files. From Github we collected a dataset of 18,470.claude/settings.local.json files, each containing the permissions that a user granted to Claude Code for a software project.

The General Data Protection Regulation (GDPR) is the EU’s landmark law for data security and privacy, and is mandatory for any organization that processes the data of individuals within the EU. ‍ While GDPR compliance is a legal requirement, the framework also serves as a benchmark for ethical and transparent data management. For growing startups, aligning with the GDPR boosts credibility early on and signals customers and investors that privacy and trust are critical to the organization.

If you think AI-generated code is saving you time and boosting productivity, you’re right. But here’s the problem: it’s also likely introducing security vulnerabilities. However, there are GenAI security practices that can be weaved into your workflow to help protect your apps. The software development landscape is shifting under our feet.

Late last week, GreyNoise published one of the clearest signals we have seen that AI systems are no longer just research targets. They are operational targets. Their honeypot infrastructure captured 91,403 attack sessions between October 2025 and January 2026, revealing two distinct campaigns systematically mapping AI deployments at scale. This is a meaningful inflection point.

Many healthcare organizations want to move workloads to AWS but stall because they’re uncertain how to maintain HIPAA compliance in the cloud. The good news: AWS provides the tools and certifications needed for HIPAA-eligible services. The challenge is implementing them correctly. AWS has been HIPAA-eligible since 2013 and currently offers over 150 services that can be used in HIPAA-compliant architectures. But eligibility doesn’t equal compliance.

This blog analyses 2026, examining how pro-Russian hacktivist groups targeted UK government, financial, and transport organisations in response to geopolitical support for Ukraine.

Vendor fatigue doesn’t happen overnight. It builds slowly until one day you realize your security stack has become a security problem. The good news? You don’t have to live with it.

A recent University of North Carolina Wilmington study tested whether general-purpose large language models could infer CVSS v3.1 base metrics using only CVE description text, across more than 31,000 vulnerabilities. The results show measurable progress, but they also expose a hard limit that matters far more than model selection: Model quality helps, but missing context sets a ceiling on reliability.

Leading secrets security platform sees accelerated adoption across Fortune 500, with 60% of new customers choosing multi-year commitments.

The OWASP Top 10 is usually presented as a list of technical failures. Broken access control. Injection. Insecure design. Misconfiguration. Each category points to something that went wrong in the application. What it doesn’t say explicitly is what was actually at risk when it went wrong. In most real incidents, the answer is not “the application.” It’s the data inside it. Sensitive data is the reason attackers care about OWASP failures in the first place. Credentials.