Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The era of human-centric API consumption is officially ending. Over the past year, enterprises have rapidly transitioned from simply experimenting with Generative AI to deploying autonomous AI agents that drive core business operations. These agents act as digital employees. They utilize Large Language Models (LLMs) for reasoning, Model Context Protocol (MCP) servers for connectivity, and internal APIs for execution. This evolution has fundamentally altered the enterprise attack surface.

In Part 1 of this series, we discussed the CI/CD security boundary, mapped out potential attack vectors with a CI/CD threat matrix, and introduced a simple threat model focused on ideating detection workflows. In this post, we’ll apply these principles to a real-world source code management (SCM) tool example that every developer is familiar with: GitHub. In addition to threat modeling, we’ll also be taking a closer look at historical attacks on GitHub and GitHub Actions ecosystems.

Source code management (SCM) and CI/CD pipelines have become the industry standard for automating software delivery. But from the time a code change enters your SCM until it’s deployed, it’s susceptible to changes and reconfigurations that can go so far as to modify the pipeline itself. If you’re not proactively securing your CI/CD system, attackers can use it to grant themselves permissions, access secrets, and ship malicious code.

VMware costs are climbing. Broadcom’s acquisition reshuffled licensing terms, and IT teams everywhere are looking for a way out. SUSE Virtualization is one of the options getting serious attention, and for good reason. It’s an open-source, Kubernetes-native platform that runs virtual machines and containers in a single environment instead of forcing you to manage two separate stacks.

NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.

Most cloud services today are available to customers based on what is known as the “shared responsibility model”. This applies to Microsoft 365 services and apps. Although Microsoft 365 data is stored in the cloud, this user data should be backed up by the customers. This blog post explains why you should back up Microsoft 365 data, backup features, challenges, and how to back up Microsoft 365 effectively.

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.