%term

New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization

Jan 21, 2026 By Reflectiz

Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in clientside risk across global websites, driven primarily by thirdparty applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of thirdparty applications now access sensitive data without legitimate business justification, up from 51% last year - a 25% yearoveryear spike highlighting a widening governance gap.

Read Post

Read more about New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization

Best Cloud Compliance Tools in 2026: From Audit-Prep to Runtime Verification

Jan 21, 2026 By Jonathan Kaftzan In ARMO

What are the three types of cloud compliance tools? Audit-prep platforms (Drata, Vanta) automate evidence collection for certifications. Security posture management/CSPM (Wiz, Prisma Cloud) scan configurations at a point in time. Runtime compliance verification (ARMO, Sysdig) monitors actual workload behavior continuously. Choosing the wrong type means solving for the wrong problem. What is compliance drift and why does it matter? The gap between your last scan and your current state.

Read Post

ARMO

Read more about Best Cloud Compliance Tools in 2026: From Audit-Prep to Runtime Verification

Can WAF prevent browser attacks that break PCI compliance?

Jan 21, 2026 By Feroot In Feroot

The answer to whether WAF can see and prevent browser attacks that break PCI compliance depends on the lens you use. Through the lens of Requirement 6.4.2, the answer is mostly yes. But through the lens of 6.4.3 and 11.6.1, it gets a little blurry. Requirement 6.4.2 is about stopping web-based attacks at the application layer by inspecting outbound and inbound HTTP traffic at the server side.

Read Post

Feroot

Read more about Can WAF prevent browser attacks that break PCI compliance?

Top 10 CISOs' strategic priorities in 2026

Jan 21, 2026 By Sravish Sridhar In TrustCloud

CEO, TrustCloud.

Read Post

TrustCloud

Read more about Top 10 CISOs' strategic priorities in 2026

How the future of privilege is reshaping compliance

Jan 20, 2026 By Yaarit Natan In CyberArk

If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how privileged access is controlled and proven. Regulatory requirements are multiplying, audit cycles are tightening, and the definition of privileged access has quietly expanded beyond people to workloads, automation, and AI-driven systems.

Read Post

CyberArk

Read more about How the future of privilege is reshaping compliance

PCI DSS Penetration Testing Requirements Explained

Jan 20, 2026 By Narendra Sahoo In VISTA InfoSec

Overall, PCI DSS 4.0.1 is a set of 12 requirements distributed over six goals as a security standard for credit cards and debit cards. Not having proper documentation, poor protocols, or insufficient penetration testing may be among the reasons as to why PCI DSS audits fail.

Read Post

VISTA InfoSec

Read more about PCI DSS Penetration Testing Requirements Explained

Healthcare Ransomware Recovery: A HIPAA-Compliant Response Framework

Jan 20, 2026 By Mark Mazza In Opti9

Healthcare remains the most targeted sector for ransomware attacks, with 238 ransomware incidents reported to the FBI in 2024 alone. The Change Healthcare attack demonstrated the cascading impact a single breach can have across the entire healthcare ecosystem, affecting payment processing for providers nationwide and ultimately compromising data on an estimated 190 million individuals.

Read Post

Opti9

Read more about Healthcare Ransomware Recovery: A HIPAA-Compliant Response Framework

Scale compliance across global frameworks with Datadog Cloud Security

Jan 20, 2026 By Christina DePinto In Datadog

Security organizations are expected to keep pace with a growing set of regulatory and industry requirements as their cloud environments grow. Yet maintaining compliance in modern, fast-moving infrastructure is increasingly difficult. Cloud resources change by the minute, teams adopt new services without centralized oversight, and evidence needed for audits is often scattered across tools and providers.

Read Post

Datadog

Read more about Scale compliance across global frameworks with Datadog Cloud Security

Introducing Mend.io's AI Security Maturity Survey + Compliance Checklist available today

Jan 20, 2026 By Tiffany Jennings In Mend

Today, we’re excited to launch two practical tools to help teams quickly understand their AI maturity, quantify AI risk, and gather the evidence executives will ask for in 2026: an interactive AI Security Maturity Survey (with a personalized score and mapped recommendations) and a companion AI Security Compliance Checklist. Both are aligned to industry standards and built to be immediately useful in discovery, audits, and planning.

Read Post

Mend

Read more about Introducing Mend.io's AI Security Maturity Survey + Compliance Checklist available today

How to choose the best access review software: A buyer's guide

Jan 20, 2026 By Vanta In Vanta

As businesses continue to adopt new technologies and expand their digital ecosystem, about 72% of organizations report that overall security risks have never been higher. Access-related vulnerabilities, in particular, have emerged as one of the top cybersecurity concerns, since every new tool or system introduces additional access points, users, and permissions to manage.

Read Post