Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s hyper-connected digital landscape, trust cannot be assumed; every system, application, and transaction is potentially vulnerable. As organisations increasingly rely on digital infrastructure, ensuring the security and reliability of these systems is critical. This is where human validation plays a pivotal role. Human validation involves proving the truth, existence, or accuracy of something by actively demonstrating it, rather than simply assuming it works as intended.

On September 18, 2025, Fortra released a patch addressing a critical vulnerability in GoAnywhere Managed File Transfer (MFT), tracked as CVE-2025-10035. The vulnerability stems from a deserialization flaw in the License Servlet of GoAnywhere MFT, allowing a remote threat actor with a valid forged license response signature to deserialize an arbitrary, threat-actor-controlled object and potentially achieve command injection.

Managed service providers (MSPs) struggle with protecting client data across multiple environments while controlling costs. MSP backup software solves this problem through centralized management and multi-tenant architecture that lets you handle hundreds of clients from one dashboard instead of juggling separate systems for each customer.

In the rapidly evolving field of AI, understanding the distinctions between how agentic workflows are initiated is crucial. While the verbiage among tech providers varies, it essentially comes down to whether an agent is prompted by a human from a chat interface or autonomously from external sources like emails, data changes, calendar invites, or otherwise.

The regularly occurring NYC AI Safety Meetups cover a variety of topics, with this latest session focusing on the convergence of AI Safety and AI Security. I had the fantastic opportunity to contribute to the conversation, it’s one that’s been budding for some time, but this was my first direct exposure.

The Shai-Hulud worm wasn't just a sophisticated supply chain attack; its most important lesson was about a crisis of communication. The attack thrived in the organizational gap between security policy and the daily realities of software development, a gap that exists in most companies. Defending against the next software supply chain attack requires more than a new tool; it demands a strategic shift from imposing controls to forging a genuine partnership with engineering.

UK security leaders are making their voices heard. Four in five want DeepSeek under regulation. They see a tool that promises efficiency but risks chaos. Business is already under pressure. Trade disputes drag on. Interest rates remain high. Cyber threats grow. Every move to expand operations adds risk, and risk is harder to measure when AI enters the equation. AI spreads fast. It cuts costs, fills gaps, and automates mundane tasks. But it also opens hidden doors. In the UK, AI is now part of daily work.

Learn how to shift the conversation from "who’s to blame" to "who has context" in managing non-human identities across modern enterprise IT infrastructure.

Organizations have finite resources available to combat threats, both by the adversaries of today and those in the not-so-distant future that are armed with quantum computers. In this post, we provide guidance on what to prioritize to best prepare for the future, when quantum computers become powerful enough to break the conventional cryptography that underpins the security of modern computing systems.

In this series, we looked at why we combined our SRE and security teams into one cohesive group, and how we made that happen. With this combined approach, we set out to build our internal platform and customer-facing products with a security-first mindset, while still drawing upon the deep expertise of our existing SRE practices. Combining the teams improved the way we build tools for both our engineers and customers and strengthened our ability to mitigate risks.