Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

According to the State of Application Security 2026, insurance platforms saw a 115% increase in attacks per website. DDoS attacks per site rose by 143%, targeting critical periods like claim processing and policy renewals. In an industry built on trust, availability is a business promise. Even brief downtime disrupts revenue and compliance, making always-on DDoS protection a core requirement for insurance resilience.

According to the State of Application Security report 2025 Report, DDoS attacks targeting retail and e-commerce increased by 420%, API attacks rose by 104%, and API vulnerability exploitation grew 13-fold. For modern e-commerce, which relies heavily on APIs for mobile apps, third-party logistics, payment gateways, and inventory management, this is a critical vulnerability.

GitGuardian's NHI Governance now adds privilege context to leaked secrets, auto-escalating admin-level risks for smarter prioritization across AWS, Entra, and Okta. Discover how admin badges and overprivilege detection cut through noise to focus on true blast radius.

On May 11, 2026, between 19:20 and 19:26 UTC, 84 malicious npm package artifacts were published across 42 packages in the @tanstack namespace. The packages were not published by an attacker who stole credentials; they were published by TanStack's legitimate release pipeline, using its trusted OIDC identity, after attacker-controlled code hijacked the runner mid-workflow. The malicious versions spread to Mistral AI, UiPath, and dozens of other maintainers within hours.

Defending your network against modern hackers is a lot like playing a game of chess against an opponent who can move all their pieces at once. Traditional cybersecurity relies on anticipating human behavior and recognizing known patterns, but artificial intelligence (AI) changes the rules entirely. Attackers now use machine learning algorithms to automate their strikes, adapt to your defenses in real time, and scale their operations to unprecedented levels.

Cloud patch management is the process of centrally identifying, validating, and deploying operating system and software updates across cloud-based and remote workloads, reducing reliance on on-premises patching infrastructure while helping reduce the security risks associated with unpatched systems.

Built-in browser password managers are convenient. For enterprise secrets, convenience is not a security strategy. There are two kinds of password storage in the world: the kind that helps you log in to your favorite lunch-ordering site faster, and the kind that protects the credentials that can unlock your business. Sadly, many organizations treat both the same way.

A good way to measure the success and challenges of new technologies is to spend an evening networking with your peers. Sure, a lot of what you take in is anecdotal, but what you are looking for is consistency in the stories being shared and the industries where the stories are occurring. Recently, I had the opportunity to network with a number of my peers. I had one question that I asked consistently: “How are your AI deployments going?”

Security teams that have invested in AI governance programs over the past two years face a problem that those programs were not designed to solve. The controls built to manage generative AI, network proxies, browser monitoring, and SSO enforcement work when data moves through defined channels. Endpoint AI agents do not move through those channels. They run locally, operate at the OS level, and access data through pathways that exist entirely outside your current visibility.

Ransomware: AI changes the writer. It doesn't change the math. Why most endpoint protection still treats ransomware as just another piece of malware, and what changes when you watch the data instead of the attacker. In 2013, CryptoLocker introduced the modern ransomware playbook. It also introduced something most of the industry has still not come to terms with: remote encryption.