Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Nearly 94% of ransomware attacks initially targeted backups. Mainly to encrypt them. That means, for SaaS and DevOps platforms, backup alone no longer solves the problem of data protection. A copy of backup data is worthless if it can be altered (corrupted) or blocked when you need it most. Besides, integrity has to be provable and data recovery certain. That’s why immutable storage is a baseline requirement for resilience in modern IT architectures.

Earlier this year, the UK’s National Cyber Security Centre (NCSC) released its annual review for 2025. The report reveals the troubling reality of the modern threat landscape and, crucially, how the NCSC recommends organizations and the wider security ecosystem shield themselves from it. Let’s dive in.

On the eve of KubeCon 2025, experts from companies like Uber, AWS, and Block shared how SPIRE and workload identity fabrics reduce risk in complex, cloud-native systems.

A new report from Entrust warns of an increase in deepfake attacks, which now account for one in five biometric fraud attempts. Additionally, instances of deepfaked selfies have increased by 58% over the past year. “This rise in deepfakes is part of a broader trend of increasingly sophisticated attacks driven by injection attacks, which surged 40% year-over-year,” Entrust says.

This article is part of a monthly LevelBlue series that explores the evolving world of AI governance, trust, and responsibility. Each month, we look at how organizations can use artificial intelligence safely, thoughtfully, and with lasting impact. Artificial intelligence has moved from being an experiment to becoming an expectation. It now shapes how decisions are made, how customers are supported, and how innovation happens. As AI grows in influence, so does the need to manage it wisely.

Your team edits a video in Adobe, reviews slides in PowerPoint, and finalizes copy in Google Docs—all in the same week. Without application interoperability, files get stuck, projects stall, and deadlines slip. That’s why interoperability isn’t a nice-to-have. It’s the backbone of how modern teams work.

On November 19, 2025, Salesforce announced an investigation into unusual activity involving applications published by Gainsight, a company that provides customer success software integrated with Salesforce. In their advisory, Salesforce indicated that they had notified affected customers directly, and that an investigation is ongoing. Salesforce has not yet provided details about the full scope of the malicious activity.

Enterprises searching for proactive cybersecurity tools are looking for one essential outcome: stop scams before they result in credential theft, account takeover, or financial loss. This outcome is critically important because the financial stakes for failure are at an all-time high: according to IBM, the average cost of a data breach involving stolen or compromised credentials is a staggering $4.44M according.

ISO 27001 is a very useful certification for just about any company operating abroad. Comparable in many ways to NIST-based frameworks like CMMC in the United States, ISO 27001 is an international standard built to help organizations of all sizes, in all industries, across all regions of the world, to obtain a high level of standardized information security.

We’ve all been there: you send an API request, wait for the response, and boom, you get hit with the “CORS error” pops up in your browser console. For many developers, the first instinct is to find a quick fix: add Access-Control-Allow-Origin: * and move on. However, that approach misses the point entirely. CORS isn’t just another configuration hurdle, but one of the most important browser security mechanisms ever built.