Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cross-domain attacks exemplify adversaries’ drive for speed and stealth. In these attacks, threat actors navigate multiple domains such as endpoint, cloud, and identity systems to maximize their reach and impact. Their goal is to exploit the weaknesses in organizations’ fast-growing and complex environments.

In times of geopolitical and economic instability, no organization would consider running without backups, additional support, clear end goals, and company-wide communication. Within business, the wisdom of strength in numbers and power in unity is widely understood. However, when it comes to its cybersecurity – a critical pillar that reputation, safety, and resilience rely upon – the opposite often happens.

One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their APIs across AWS, Azure, GCP, Kong, and Mulesoft. This “ease of use” provides a “wow” moment of immediate visibility.

Apache Tomcat continues to play a central role in hosting Java-based web applications across enterprises, cloud services, and government systems. Its reliability and lightweight architecture make it a go-to choice for developers, but its ubiquity also means that a single vulnerability can have widespread security implications. CVE-2025-55752, disclosed in late 2025, highlights how a subtle processing regression can evolve into a high-impact vulnerability under the right conditions.

Drawing on Obrela’s experience managing complex cyber incidents and supporting national-level assurance programmes, Sebastian Bocquier, Head of DFIR, will present a practical, mission-ready framework that shifts accreditation from a static, one-time checkpoint to a continuous assurance capability embedded throughout NATO’s cloud ecosystem.

Identifying and redacting personally identifiable information (PII) is a critical need for enterprises handling sensitive data. Over 1000 NLP models and tools claim to solve this problem, but an infinite number of options opens a paradox of choice. We compiled this comprehensive comparison that examines ten notable PII detection solutions – their features, use cases, pros/cons, and reported success rates.

Whisper Leak targets remote language models, @acitons/artifact targets GitHub Actions users, and Quantum Route Redirect simplifies phishing.

Today, we’re introducing our Risk Reduction Dashboard. This is a new way for security leaders to quantify their AppSec program’s impact, prioritize high-value fixes, and prove ROI with data-backed insights that go beyond raw vulnerability counts.

NEW YORK – November 18, 2025 – Apono, the cloud identity-security company pioneering Zero Standing Privilege (ZSP) access management, today announced a $34 million Series B led by U.S. Venture Partners (USVP), with participation from Swisscom Ventures, Vertex Ventures, 33N Ventures, and existing investors. The round brings Apono’s total funding to more than $54 million. Over the past year, Apono established product-market fit with a fourfold increase in client count.

Microsoft Foundry and Microsoft Copilot Studio have made it simple to build AI agents that automate workflows, access sensitive data, and integrate across critical business systems. However, agent democratization without control creates new security challenges. Further, as more agents are deployed across the organization, it means more agents that can access more data, invoke more tools (including MCP and A2A), and perform more actions. In other words, the potential attack surface is expanding.