Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Artificial intelligence has fundamentally changed how we build software. Generative AI tools help developers write code faster, automate mundane tasks, and solve complex logic problems in seconds. But this speed comes with a hidden cost. When you accelerate development without adjusting your security posture, you inadvertently accelerate risk. Relying on AI-generated code and open-source packages in cloud environments can expose your organization to serious, often silent, vulnerabilities.

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.

Researchers at Palo Alto Networks’ Unit 42 warn of a proof-of-concept (PoC) attack technique in which threat actors could use AI tools to generate malicious JavaScript in real time on seemingly innocuous webpages. “Once loaded in the victim's browser, the initial webpage makes requests for client-side JavaScript to popular and trusted LLM clients (e.g., DeepSeek and Google Gemini, though the PoC could be effective across a number of models),” the researchers write.

Compliance evidence only works if it reflects the current state of the system. At Aikido, we’ve always treated compliance as a byproduct of good security, not a separate exercise teams need to prepare for. That’s why Aikido integrates with multiple compliance platforms. The goal is simple: let teams use the security data generated in Aikido wherever they run their compliance programs, without changing how they work or maintaining parallel processes.

Web shells remain one of the most potent weapons in an adversary’s arsenal, particularly when targeting Linux servers and containers. These malicious scripts serve as powerful remote access tools with capabilities such as process execution, filesystem access, and tunneling of network connections.

Panera Bread is a leading American bakery-café fast casual restaurant chain with over 2,000 locations across the United States and Canada. Founded in 1987 as St. Louis Bread Company in Kirkwood, Missouri, the company has grown into one of the nation's most recognizable fast-casual dining brands. Headquartered in Fenton, Missouri, Panera Bread serves millions of customers with its menu of freshly baked breads, sandwiches, soups, salads, and specialty beverages.

Crunchbase is a leading market intelligence platform that provides comprehensive data on private and public companies worldwide. Founded in 2007 and headquartered in San Francisco, California, the company serves over 80 million users, including investors, sales professionals, entrepreneurs, and business analysts.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! On first glance, a eye watering headline. However it comes down to them leaving credentials in an S3 bucket… It would have happened anyway.

When Gartner introduced Continuous Threat Exposure Management (CTEM) in 2022, it formalized a problem security teams had been struggling with for years: patching large volumes of vulnerabilities was not translating into meaningful risk reduction. CTEM reframed the problem. Instead of measuring progress by the number of CVEs addressed, it shifted focus to whether attackers could actually reach and exploit assets that matter to the business. What Gartner did not provide was a concrete recipe for execution.