Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The way developers interact with tools is changing fast. Language models like Claude and ChatGPT, and IDEs like Cursor and Windsurf are much more than assistants and environments—they’re powerful interfaces for interacting with enterprise data. ‍ At Vanta, we envision a world where compliance workflows can shift left to meet GRC teams and developers where they already are. By launching the Vanta MCP Server, we’re making that vision real.

Researchers at Trellix warn of a spear-phishing campaign that’s targeting CFOs around the world with phony employment offers. The emails are designed to deliver a legitimate remote access tool that will give the attacker a foothold on the victim’s machine.

A criminal threat actor tracked as “UNC6040” is using voice phishing (vishing) attacks to compromise organizations’ Salesforce instances, according to researchers at Google’s Threat Intelligence Group. After gaining access, the attackers exfiltrate the victim’s data and hold it for ransom.

AI red teaming is the process of simulating adversarial behavior to test the safety, security, and robustness of artificial intelligence systems. It draws inspiration from traditional cybersecurity red teaming (where ethical hackers emulate real attackers to expose flaws) but applies that mindset to machine learning models, data pipelines, and the broader AI stack.

This blog has been adapted from a section of 1Password’s ebook: Why SSO is not enough for identity security. To read the complete ebook, click here. Single sign-on (SSO) solutions are designed to manage and secure access to SaaS applications. By integrating with a company’s identity provider (IdP), SSO allows teams to authenticate an identity to multiple applications via a single log-in.