Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Famous Chollima combines BeaverTail and OtterCookie, COLDRIVER deploys three new malware families, and Vidar Stealer 2.0 demonstrates upgraded capabilities.

Artificial intelligence has only been available for a relatively short period. Still, already many cyber defenders are as frightened as if Jenna Ortega’s Wednesday Addams had whipped her head around and set her dark, dangerous eyes on them. It’s not hard to see why. Machine learning, Gen AI, and Retrieval-Augmented Generation (RAG) are a few of more than 20 new acronyms flooding our industry, with more being added almost every day.

Nightfall delivers the most comprehensive endpoint DLP in 2025 by combining lightweight agents with cloud-native architecture, protecting Windows, Mac, endpoints while uniquely preventing data leaks to AI tools with 95% accuracy.

Organizations increasingly demand platforms that not only accelerate software delivery but also provide trust, security, and traceability. At JFrog, the software supply chain is managed and secured by default, from commit to runtime. That’s why our deep integration with GitHub is central to how we help teams manage, monitor, and secure every step of software delivery. In this post, we’ll explore.

Every automation initiative starts with excitement, intent-based networking, AI-driven decisions, and Python scripts promising speed and resilience. But when someone asks, “Do we know what IPs are in use?” silence often follows. If your IP tracking lives in spreadsheets, you’re not alone, but you are vulnerable. Before writing a single script, teams need an authoritative and current IP source of truth.

Static application security testing (SAST) is foundational to modern application and code security programs. Yet these tools inevitably produce false positives that require manual review. When scanners find vulnerabilities that are not genuine issues, they erode trust, slow down remediation, and make it harder for teams to understand which alerts require attention.

TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL Injection. It amplifies every other API vulnerability (like BOLA) and happens everywhere because developers prioritize speed over explicit data filtering. Fixing it means systematically checking hundreds of endpoints for unneeded PII and sensitive internal data.

As we near the end of Cybersecurity Awareness Month, a quick reminder that digital threats aren’t just a concern for Fortune 500 companies. Small and medium-sized businesses (SMB’s) face mounting cyber risks, yet many lack the resources or expertise to defend against increasingly sophisticated attacks. The reality? Cybercriminals target SMBs precisely because they assume you’re unprepared.

Endpoint detection and response (EDR) tools, and the analysts using them, have become incredibly effective. They have become so good, in fact, that we're now seeing a clear shift in adversary behavior: attackers are being pushed off the endpoint and onto places where EDR cannot run. This isn't just a theory. As I was writing a separate blog about a recent Cisco exploit which spurred an immediate CISA emergency directive, news dropped about another major network edge vendor, F5.

At the AI Agent Security Summit in San Francisco, some of the brightest minds in AI security and top industry leaders gathered to tackle one of the most challenging problems in tech nowadays - how do we secure super smart systems that change at runtime and are designed to think, adapt, and compete? As someone who spends every day turning AI security challenges into tangible solutions, I left the summit both inspired by the innovation on display and concerned by the magnitude of what’s still ahead.