Managed accounts for MSPs, plus 45-day certificates you can use today
Two things shipped this week. One is for the MSPs who manage certificates on behalf of other companies. The other lets you run the shorter 45-day renewal cycle today.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Cloudpepper Review: The Best Managed Odoo Hosting in 2026
Most Odoo hosting gets sold to you as a feature list. Workers, storage, a price next to a checkmark. Then you actually run the thing and discover the list never mentioned the parts that hurt: backups you can't download, a database you can't touch, a server you don't really control, and a bill that climbs every time you add a user. Cloudpepper takes the opposite approach. It is managed Odoo hosting where the platform handles the operational work and you keep the control. This review walks through what that means in practice, where it fits, and where it doesn't.
Why "Private" Hosting Isn't the Same as Secure Hosting
For many organizations, the move to virtual private server (VPS) hosting feels like a natural security upgrade. After all, the word private suggests isolation, control, and protection; especially compared to shared hosting environments. But in practice, private hosting does not automatically mean secure hosting. In fact, without the right security maturity, VPS environments can introduce new risks rather than eliminate old ones.
Miasma: Red Hat Cloud Services npm Packages Hit by a Mini Shai-Hulud-Style Campaign
On June 1, 2026, multiple npm packages in the @redhat-cloud-services scope were published with malicious versions. Each tarball ships a 4.1 MB obfuscated JavaScript file added to package.json as a preinstall hook. The hook runs a multi-stage loader that ends in a Bun-executed credential stealer hitting AWS, Azure, GCP, HashiCorp Vault, Kubernetes, GitHub Actions OIDC, npm, Bitwarden, and 1Password.
Why is AES-GCM Encryption the Recommended Security Standard for DevOps Backup?
Building a resilient CI/CD pipeline means protecting every piece of data that makes your code run. Your environment variables, secret tokens, and configuration files demand the exact same security as your core repositories. Traditional backup protocols leave these assets completely vulnerable to silent manipulation. If ransomware subtly modifies your archived backup, executing a restore will deploy the corrupted files straight into production.
Apple doesn't care who signed your certificate
The pitch for private PKI gets more compelling every year. Public certificate lifetimes are down to 200 days, dropping to 47 by 2029. If you run your own private certificate authority, you make your own rules. Issue certificates for as long as you want, skip the renewal churn. Let’s Encrypt and DigiCert don’t get to tell you what to do. Apple does though.
GitGuardian's VS Code Extension Just Made It Even Easier To Fight Secrets Sprawl
We are excited to announce the release of the GitGuardian Visual Studio Code Extension version 0.23.0! Aside from updating the tool to use the latest version of ggshield, it now can show all findings in a convenient list view int he primary sidebar.
Why Your Detection Latency Budget Determines Blast Radius
Most teams buy detection on a single number. The datasheet says “millisecond detection,” the proof-of-concept fires the instant a test payload lands, and the box gets checked. Then a real AI agent incident runs in production, and the postmortem shows the attack completed its objective well before anyone contained it, even though the alert, technically, fired in milliseconds. The number was real. It just measured the wrong thing.
What to Log for AI Agent Activity: The Minimum Viable Audit Trail
The first time a security team needs an AI agent audit trail is usually 72 hours after the agent has already done something it shouldn’t have. Detection fires. Someone pulls every relevant log from the SIEM (Kubernetes audit, container runtime, cloud audit) and three hours in realizes the events that actually matter were never written. Which prompt triggered the tool call. Which parameters the agent passed. Which output left the cluster.
AI-SPM Tools for Attack Detection: Where Posture Meets Runtime
Every AI-SPM tool runs posture and detection with a single arrow: runtime evidence flowing back to rank posture findings. The load-bearing direction runs the opposite way, and almost nothing runs it — posture flowing forward to tell the detection layer what an attack even looks like.