Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Although customer password vaults were not affected, LastPass confirmed that customer information was exposed when cybercriminals compromised a third-party market intelligence platform in June 2026. This is not the first time LastPass customers have had their information put at risk; LastPass’s major 2022 breach involved cybercriminals stealing backups of customer vault data.

As state and local governments modernize critical technology systems, they must also meet growing demand for cybersecurity, reliability, operational efficiency, and fiscal accountability. From citizen services and public safety operations to transportation networks, education systems, and emerging AI initiatives, agencies are managing increasingly complex environments with limited resources.

Memorandum M-26-14 from the Office of Management and Budget (OMB) marks a significant evolution in federal cybersecurity guidance, establishing a new risk-based framework for logging and network visibility across the United States federal government. The memo replaces the prescriptive requirements of Memorandum M-21-31 with an approach that emphasizes continuous monitoring, threat detection, investigation, and forensic readiness.

Under normal conditions, experiencing our digital reflection can feel surreal or even uncomfortable. So first off, we commend our participating execs for allowing us to use their publicly available personal data to create live audio/visual doppelgangers – as we found out just how advanced, believable, and potentially malicious our identity cloning tools currently are.

The developers and engineers here at 1Password are always working to improve our products. With all the active development to introduce features, fix bugs, and enhance the overall user experience, numerous code changes go into every release. We strive to ensure each iteration is better than the last and that new code doesn’t introduce vulnerabilities. A key part of this process is our Product Security (ProdSec) team’s review of all code changes that may have security implications.

AI did not create data exposure. It changed the consequences of it. Sensitive data, excessive permissions, and broad access policies have long existed across cloud environments. In the AI era, those issues are no longer passive governance concerns. They directly influence what AI users, copilots, agents, and applications can access, process, and expose. AI has turned a posture problem into operational risk. The challenge is not simply that more data is available.

If you're shipping software these days, there's a good chance an agent is in your development workflow. In fact, 84% of software developers say they use AI to write code, open pull requests, and push to production regularly; that number is only expected to grow. Some teams have gone further: they're designing loops, or recurring systems that direct agents continuously, without a human writing a new prompt at each step.

Modern exposure management has evolved beyond vulnerability scanning and alert volume into a discipline focused on measurable risk reduction. As the exposure management market matures, security leaders are adopting cyber exposure management platforms that unify signals across vulnerability, cloud, application, and attack surface tools to prioritize what truly matters.

Mobile devices have become the backbone of the modern workplace. Employees use smartphones to access business applications, tablets to support customer interactions, rugged devices to manage field operations, and laptops to stay productive from virtually anywhere. With remote work, hybrid teams, and BYOD policies becoming standard practice, organizations now rely on a growing mix of devices to keep business operations running.