Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

I recently attended the RSA Conference 2026 (RSAC 2026) in San Francisco. I have been attending and speaking at RSAC for a long time, and every year I try to figure out what actually changed versus what just looks new. This year felt different, but not in the way the expo floor would suggest.

Microsoft is preparing a major change to Windows that could quietly reshape how security and compatibility are balanced across the entire ecosystem. Starting April 2026, Windows will begin blocking kernel drivers signed through the legacy cross-signed root program by default, replacing a decades-old trust model with a stricter, policy-driven approach centred on the Windows Hardware Compatibility Program (WHCP). This is more than a routine update.

In November, we shared our vision for the Future of Snyk Container, outlining a fundamental shift in how teams secure the modern container lifecycle. We promised a future where security doesn’t just “scan” but scales effortlessly with the speed of the AI-driven, agentic world. Today, we are thrilled to announce that we are moving from vision to reality.

Cybersecurity has entered a new operating reality. Threats are scaling faster, attack chains are becoming more complex and AI is accelerating both their frequency and sophistication. For MSPs, this creates a structural challenge: clients expect enterprise-grade protection, but most service providers don’t have the internal resources to operate a 24/7 SOC at scale. That’s where MDR comes in. But not all MDR services actually solve the problem.

This report documents a direct operational link between the exposed infrastructure of Iranian threat actor MuddyWater and TAG-150 CastleRAT malware – a modular malware-as-a-service (MaaS) platform developed by Russian-speaking cybercriminals.

For many enterprise security teams, audit season feels less like validation and more like reconstruction. Not because they lack logs, and not because their teams are careless, but because their privilege model was never designed to produce a clean, unified story. In Microsoft Entra ID environments, Privileged Identity Management (PIM), works well as long as your world is entirely Microsoft. But no enterprise operates in a single-vendor bubble.

An intern gets admin access to production for a temporary task, but nobody remembers to revoke it. Imagine that intern works at machine speed, never sleeps, and can chain dozens of actions before you’ve read the Slack ping—and has no instinct for when they’re about to do something irreversible.

CertKit is officially out of beta. We started building CertKit a year ago, and since then over 600 people signed up, issued certificates, and deployed to their infrastructure. Several are running it as their production certificate management platform right now. We built a lot during the beta. Some of it we planned: SSO, team management, alerting. Other things, users had to beat into us. The Keystore came from enterprise security requirements to keep private keys in house.

As cyber threats grow and become more threatening, businesses must shift to stronger, more proactive strategies to protect their data and networks. Zero Trust Security is one such approach gaining traction. Based on the principle of "never trust, always verify," Zero Trust continuously authenticates and authorizes every user and device before granting access to sensitive systems or data, regardless of whether they are inside or outside the network.

For DoD contractors handling Controlled Unclassified Information, CMMC 2.0 compliance and CMMC Level 2 certification are now required to meet DoD cybersecurity requirements. Key Takeaways How CMMC Has Evolved What Does This Mean for Your Organization? Now Certified as C3PAO Begin Your Own CMMC 2.0 Journey.