Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As a virtualization market leader, VMware offers products for a wide range of users. Its enterprise-grade line includes VMware vSphere products like ESXi, which is a type 1 hypervisor. VMware also offers type 2 hypervisors like VMware Workstation Player (or VMware Player) and VMware Workstation Pro (or VMware Workstation). Type 2 hypervisors are installed on the underlying host OS running on the physical machine.

VMware is one of the best virtualization platforms in the world, popular among IT specialists for its ability to provide high-speed operations, reliability, scalability, security, and convenience. VMware ESXi Server is a type 1 hypervisor designed to be installed directly on physical servers, that is, it is a bare metal hypervisor. VMware type 2 hypervisors (VMware Player, Workstation, and Fusion), on the other hand, can be installed on existing operating systems running on desktops and laptops.

Assuming security is a post-revenue problem is the most expensive strategic mistake a founding team can make. Most founders discover this in the worst possible context: a Series A due diligence call, where a prospective investor’s technical team has spent three days stress-testing the product and found that user IDs are sequential integers, the admin panel has no rate limiting, and the staging environment is reachable from the public internet.

Meta spent months telling the world its AI support system was making Instagram safer. Within six weeks of launch, the vulnerability in the recovery system had handed 20,000 (Instagram account recovery PII leak) accounts to attackers who never owned them. Two incidents in the first week of June 2026 exposed the same underlying problem from different angles.

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers have been tracking an active ClickFix campaign that manipulates users into believing their web browser requires a security update. If the user complies, the ClickFix lure initiates a multi-stage infection chain that ultimately deploys the Lorem Ipsum Loader, a malware family BlueVoyant first documented in May 2026.

One of the less surprising findings of the 2026 Verizon Data Breach Incident Report (DBIR) is the fact that incidents targeting the Financial and Insurance sector are on the rise. As they put it, “This sector continues to be a favorite among attackers, which isn’t surprising given that its core business is handling money.”

At 1Password, we regularly invite outside experts to challenge our assumptions and strengthen our security. We encourage security researchers to participate in our bug bounty programs, and have spent years building a collaborative research environment. We also believe in the benefit of open source software and standards, which raise the bar for the industry as a whole, while ultimately benefiting our 1Password customers.

"The hardest thing in security is always the chaos," according to Travis McPeak, Head of Security at Cursor. He shared this with Nancy Wang, CTO of 1Password, and Dev Tagare, Senior Director of Engineering at Google, on a recent episode of Zero-Shot Learning, the podcast about how AI gets built, secured, and deployed. "We're always going to have more that we have to be doing than we can actually do.".

When we first launched DMARC Management, it was driven by a simple belief: every domain on the Internet deserves strong email authentication, and cost should never be the reason it doesn't happen. As part of our mission to help build a better Internet, we made DMARC Management available for free to every Cloudflare customer. We wanted to give everyone the tools to understand and improve their DMARC posture without needing to hire an email security consultant or parse XML report files by hand.

The gap between your last backup and a failure defines exactly how much data disappears. That gap is your recovery point objective (RPO), and teams running production workloads on OpenShift and KubeVirt find that most traditional DR tools simply don’t understand the environment well enough to close it. Near-zero RPO requires synchronous replication at the block level. Data must hit both your primary and DR site simultaneously.