Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In Part 1 of this series, we discussed the CI/CD security boundary, mapped out potential attack vectors with a CI/CD threat matrix, and introduced a simple threat model focused on ideating detection workflows. In this post, we’ll apply these principles to a real-world source code management (SCM) tool example that every developer is familiar with: GitHub. In addition to threat modeling, we’ll also be taking a closer look at historical attacks on GitHub and GitHub Actions ecosystems.

Source code management (SCM) and CI/CD pipelines have become the industry standard for automating software delivery. But from the time a code change enters your SCM until it’s deployed, it’s susceptible to changes and reconfigurations that can go so far as to modify the pipeline itself. If you’re not proactively securing your CI/CD system, attackers can use it to grant themselves permissions, access secrets, and ship malicious code.

VMware costs are climbing. Broadcom’s acquisition reshuffled licensing terms, and IT teams everywhere are looking for a way out. SUSE Virtualization is one of the options getting serious attention, and for good reason. It’s an open-source, Kubernetes-native platform that runs virtual machines and containers in a single environment instead of forcing you to manage two separate stacks.

NIST Special Publication 800-171 defines a precise set of security requirements for organizations that handle Controlled Unclassified Information (CUI) outside of federal systems. For defense contractors, subcontractors, and their engineering teams, these controls are non-negotiable with the advent of the Cybersecurity Maturity Model Certification (CMMC) program, which dictates how CUI must be accessed, logged, transmitted, and protected across every system in scope. That scope is shifting.

Most cloud services today are available to customers based on what is known as the “shared responsibility model”. This applies to Microsoft 365 services and apps. Although Microsoft 365 data is stored in the cloud, this user data should be backed up by the customers. This blog post explains why you should back up Microsoft 365 data, backup features, challenges, and how to back up Microsoft 365 effectively.

For organisations working towards SOC 2, penetration testing is often one of the more visible and scrutinised components of the audit process. While SOC 2 is not prescriptive in how controls must be implemented, it does require clear evidence that risks are identified, assessed, and addressed through effective security practices. SOC 2 penetration testing plays a key role in demonstrating this.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.

The AI SOC has arrived. According to the 2026 AI SOC Leadership Report, 94% of organizations are using AI in the SOC in some capacity. The question in 2026 is no longer whether to adopt AI-driven SOC automation, but rather how to do so. Is the architecture behind that adoption actually working?