Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Non-human identities are the fastest-growing and least-governed identity population in most environments. Service accounts, API keys, and AI agents run without MFA, without owners, and without expiration. Traditional identity and access management (IAM) wasn't built to manage them. Without governance for discovery, ownership, and lifecycle management, stale machine credentials become attacker footholds that persist for months.

CVE-2026-22769 is a hardcoded credential vulnerability affecting Dell RecoverPoint for VMs, a disaster recovery orchestration platform used to manage replication and failover of virtualized workloads. The issue stems from static authentication credentials embedded within a product component. Because these credentials are not uniquely generated per deployment and cannot be changed by administrators, they introduce a structural authentication weakness.

AI data governance is the structured framework that ensures sensitive data remains protected when artificial intelligence systems are used. Traditional data governance focuses on data at rest. It manages databases, access controls, storage policies, and compliance documentation. AI fundamentally changes the environment, and hence, understanding AI data and privacy is crucial. When organizations use large language models, AI agents, or retrieval-based systems, data flows dynamically.

Most teams try to fix prompt injection in the prompt itself. They add guardrails. They rewrite system messages. They stack more instructions on top of instructions. It feels productive. It is also fragile. Prompt injection is not just a prompt problem. It is a data problem. And if you treat it like a wording problem instead of a data control problem, you will keep playing defense. Let’s unpack why.

Social engineering remains the most reliable way into an organization—and attackers are getting better at it every day. According to the 2025 Verizon Data Breach Investigations Report, up to 68% of breaches involve social engineering. AI has only widened the gap. More than 95% of cybersecurity professionals say AI-generated phishing is harder to detect, and Microsoft reports that AI-generated phishing emails are 4.5x more successful than manually created ones.

Threat actors are using phony meeting invites for Zoom, Microsoft Teams, Google Meet, and other video conferencing applications to trick users into installing remote monitoring and management (RMM) tools, according to researchers at Netskope. The invites lead to convincingly spoofed landing pages for fake video meetings, complete with a list of coworkers who have supposedly already joined the call. The page instructs the user to install a software update in order to join the video meeting.

As cyber defenses become stronger, adversaries continue to evolve their tactics to succeed. In 2025, the year of the evasive adversary, the threat landscape was defined by attacks that targeted trusted relationships, demonstrated fluency with AI tools, and incorporated tradecraft tailored to exploit security blind spots.

OAuth is a commonly used authorisation framework, that allows websites and web applications to request limited access to a user’s account on another application. Users can grant this limited access to their account, without ever needing to expose their password with the requesting website or application. This is commonly seen with sites that allow you to log in with popular accounts such as a social media login, Microsoft or Google account.

AI has radically transformed the way SOC teams operate, but how is it affecting the people behind the work? For our recent Voice of Security 2026 report, we surveyed over 1,800 global security professionals to find out. We wanted to understand not only AI’s impact on security careers, but how teams really feel about these shifts. The results show that despite rising workloads and widespread burnout across security teams, sentiment toward AI is largely positive.

The Notepad++ incident is a reminder that the tools we use to build our businesses can also be used to break them.