Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For many engineering teams, CI/CD security appears to be working. Static scans run automatically. Vulnerabilities are flagged. Security checks exist somewhere in the pipeline. Yet issues still surface after release. The reason is rarely the absence of tools. More often, it is the absence of structural enforcement across the build lifecycle. Security controls run inside the pipeline, but they do not always guarantee that the artifact being tested is the same artifact that ultimately reaches users.

Spear phishing is on the rise in the US and is quickly becoming the biggest cybersecurity threat for businesses. With more sophisticated, human-like emails and a greater reliance on email communication in general, it can be difficult to spot a standard phishing attack, let alone a spear phishing one.

The U.S. public sector faces unique challenges as it is tasked with safeguarding the most sensitive data of citizens, all while maintaining the critical infrastructure that keeps society functioning. Unfortunately, government and educational institutions are no longer just peripheral targets, they are on the frontline of cyberattacks.

Email-based threats are evolving faster than traditional solutions can keep up. According to Verizon’s 2025 Data Breach Investigations Report, the use of synthetically generated text in malicious emails has doubled over the past two years. That makes it far more difficult to spot social engineering attacks like phishing, which trick users with deceptive messages.

Messaging platforms are now a major vector for phishing and other social engineering attacks, according to a new report from NCC Group’s Fox-IT. The researchers warn that legitimate messaging apps such as WhatsApp, Telegram, Discord, Signal, LinkedIn, and Gmail-integrated messaging serve as avenues through which attackers can target users while evading email security filters.

The aim of DevOps automation is clear: reduce human error, shorten feedback loops, make repetitive tasks more efficient, and enforce security along with recovery by default. By implementing automation the need for human intervention is reduced – tackling the most common cause of data loss. Table of contents: hide Automation in DevOps Important aspects for automation tools AI in DevOps automation.

Lean teams are under constant pressure to move faster: more SaaS, more automations, and more AI woven into daily work. People sign in more often, across more apps, on more devices, and they’re rewarded for speed, not caution.

AI and automation are embedded in daily work. Copilots draft content and pull in customer context. Agents triage tickets, update records, and trigger workflows across Slack, Salesforce, Jira, and GitHub. In engineering, this acceleration shows up in scripts, CI/CD pipelines, and infrastructure automation that depend on secrets to ship and operate software.

Securonix Threat Research analyzed a stealthy, multi-stage malware intrusion chain utilizing an obfuscated batch script (non.bat) to deliver multiple encrypted RAT shellcode payloads corresponding to XWorm, XenoRAT, and AsyncRAT.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Looks like this problem hasn’t gone away from last year. Seems money makes it persistent. Surprised?