Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the current threat landscape, the pressure on security operations center (SOC) teams has never been higher. Yet for many organizations, the reality of daily security operations is less high-tech threat hunting and more of an uphill battle against manual processes and fragmented data. To understand why SOC teams are burning out, let's walk through a typical morning of an SOC analyst.

Following our deep dive into the internals of ClickOnce application deployment in Part 1 of this two-part blog series, let’s focus on the security implications of this technology. In this blog, we examine how threat actors can weaponize ClickOnce features, and we reveal what we believe to be a new abuse that security teams need to be aware of.

Sharing applications with the world is no easy task. Developers struggle to ensure compatibility across different platforms, vendors continually search for new channels to showcase and distribute their software, and users often encounter hurdles when installing and updating the applications. To help solve this challenge, Microsoft offers multiple solutions including its Microsoft Store, the native Windows Installer component (.msi packages), and a lesser-known but powerful option: ClickOnce technology.

Security and IT leaders face a contradictory mandate: move faster with AI and automation while maintaining governance over every action that touches production systems, user accounts, and sensitive data. Most tools force a choice between two failure modes. Either the workflow runs autonomously, and the team hopes nothing breaks, or every action requires manual approval and analysts spend their shifts rubber-stamping low-risk steps until oversight disappears behind a green-checkmark audit trail.

If you've built an integration with Egnyte, you know the process: register at developers.egnyte.com, create an account, wait for approval, and get your credentials. It works, but for admins who simply want to start making API calls against their own domain, the process isn’t simple or fast enough. Starting today, that changes. Egnyte admins can now generate Collaborate API credentials directly from the Egnyte App Store—no external registration, no approval wait, no context-switching.

For nearly a decade, the security industry has used machine learning to solve detection. By feeding it enough logs and determining abnormal behaviors, it found the threats that rules-based systems miss. This delivered sharper anomaly detection, fewer false positives, and UEBA is now essential. In fact, threat detection and analytics account for close to 44% of total SIEM spend, the single largest use case by far. Using machine learning for detection was only the start.

Across Europe, two major regulatory deadlines are arriving that will reshape the mechanics of identity verification for EU-regulated businesses. By the end of 2026, eIDAS 2.0 will require organizations to accept EUDI Wallets for online services where electronic identification or authentication is necessary. That obligation covers state, regional, and local authorities; bodies governed by public law; and certain private entities that are required to provide public services.

A large-scale credential compromise campaign known as FortiBleed has exposed verified administrator credentials for more than 73,000 internet-facing Fortinet FortiGate firewalls. As of mid-June 2026, the dataset is reportedly circulating within criminal underground communities. Researchers estimate that approximately 50% of all internet-reachable FortiGate devices may be affected across 194 countries, making this one of the most significant Fortinet security incidents to date.

As Canada strengthens privacy protections and enforcement, organizations must find a way to accelerate AI innovation while maintaining continuous visibility into how customer data is collected, shared, and protected. Canada’s proposed Bill C-36 is about more than privacy regulation. It reflects a broader challenge facing governments, regulators, and businesses around the world.

The Trump administration has ordered Anthropic to restrict access to its most advanced AI models, Fable 5 and Mythos 5, citing national security concerns. Officials raised the possibility that these systems could be used by foreign actors to identify software vulnerabilities or support cyber attacks.