Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Endpoint attacks rarely appear in a single alert. Instead, they surface as a sequence of signals that require rapid investigation and response. For many teams, the challenge is not detection. It is having the time and expertise to investigate, validate, and then act. Arctic Wolf Aurora Managed Endpoint Defense addresses this by combining endpoint detection and response with expert Arctic Wolf analysts who take on the operational burden.

Mobile devices have become one of the most dynamic, and most exposed, parts of the modern attack surface. They access sensitive data, connect to untrusted networks, and rely heavily on third-party applications. Yet in many organizations, mobile security still lags behind traditional endpoint protection. Mobile device management (MDM) solutions help enforce configuration and compliance, but they were never designed to detect and respond to modern threats.

The goalkeeper is the only player on the pitch whose mistake immediately costs a goal. No recovery time. No second chance. That’s what makes credential security different from every other control. When it fails, the game is already over. Every other layer in your stack has someone behind it. Endpoint controls, network segmentation, privilege management, and policy enforcement are all players doing a job, each one backed up by another. Credentials aren’t like that. They sit behind all of it.

This is the second post in a series that follows 1Password’s response to NIST’s call for input on how those principles should apply to agents. In our last post on agent identity, we introduced why the ability to reason makes agents fundamentally different from traditional machine workloads, why it breaks the assumptions traditional identity and access management was built on, and why real-time attestation establishes agent identity at runtime.

Adversaries are evolving faster than defenders can respond, and they're weaponizing AI to accelerate their attacks. We’ve seen “living-off-the-land”, lateral movement, and the abuse of legitimate administrator tools enable hackers to hide in plain sight, diluting the effectiveness of traditional detection methods. Meanwhile, defenders are nervously trying to keep up with the accelerating pace of AI-empowered threats hitting them at machine speed.

npm shipped a new protection this week for its most depended-on accounts. When npm detects a sensitive action on a high-impact account, like an email swap or the use of a 2FA recovery code, it puts that account into a 72-hour read-only state and sends an alert to the previous email address. The package installs and downloads keep working as normal during this time, and the freeze lifts automatically at the end of the waiting period.

If you’re running Windows in your environment, WinRM is one of the most valuable, and most abused channels in your infrastructure. Graylog provides a purpose-built way to make those logs immediately actionable. The Microsoft WinRM Content Pack, available with an Illuminate license and Graylog Enterprise or Graylog Security, delivers ready-to-use parsing rules, streams, GIM categorization, and a dashboard so you can turn raw WinRM operational events into structured, searchable security intelligence.