Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Keeping Kiwis safe online: Tackling New Zealand's email security challenges

New Zealanders are feeling the pain of more frequent and effective cyberattacks. While knowing how to avoid attacks is important, it’s not enough to prevent damage. Consumers, businesses and service providers all need to do more to ensure safe email communications. Numbers tell the story.

How DSPM Improves Data Access Governance

Data access governance (DAG) is the set of policies, controls, and processes that determine who can access sensitive data, under what conditions, and with what level of oversight. For most organizations, the policies exist. What's harder to verify is whether those policies reflect the actual state of data across cloud storage, SaaS platforms, and data pipelines.

Legacy Medical Devices Aren't Going Away: Why Healthcare Needs an Identity-First Security Strategy

Phil Englert recently highlighted an uncomfortable reality facing healthcare organizations: legacy medical devices remain one of the most significant cybersecurity risks in modern healthcare environments. Unsupported operating systems, limited security capabilities, patching challenges, and increasing cyber threats create a perfect storm for hospitals attempting to balance patient care, operational continuity, and cybersecurity. The challenge is not new, but it is becoming more urgent.

94% of Organizations Report Cloud Breaches: CrowdStrike State of CDR Survey

Organizations are struggling to detect, investigate, and contain cloud threats before adversaries achieve their goals. The new CrowdStrike State of Cloud Detection and Response (CDR) Survey highlights the primary challenges they face: Together, these challenges are creating opportunities for threat actors to successfully breach cloud environments.

Network Traffic Analysis: A Guide to Modern Threat Detection

Your team probably already has a SIEM, endpoint telemetry, firewall logs, and a growing backlog of alerts no one wants to tune right before a board update. Then an incident review exposes the same problem security leaders keep finding: the attacker didn't need to defeat every control. They only needed to move through a part of the environment no one was watching closely enough.

The Most Targeted Industries: What DevOps Teams Can Learn from Recent Incidents

Which industries are attracting the most attention from cybercriminals today? According to the DevOps Threats Unwrapped Report 2026, Technology and Software organizations remained the most targeted sector. This finding is consistent with our previous research in the 2024 CISO’s Guide to DevOps Threats, showing that attackers continue to focus heavily on organizations that build, manage, and distribute software. What changed, however, was the composition of the industries that followed close behind.

An independent code review of Persona's data practices

We believe trust is earned through demonstration and transparency, not promises. That’s why we worked with Trail of Bits, an independent security firm that has spent years reviewing the code behind widely-used software from cryptography libraries to critical open-source infrastructure. Persona regularly undergoes independent third-party audits across our security, privacy, and product programs.

How to layer fraud checks on top of Anthropic's KYC Screener agent

Anthropic released a pre-built KYC Screener agent last month. It runs a four-step workflow on onboarding records to extract structured data from KYC documents, evaluate that data against a firm's KYC rules, screen named parties, and escalate exceptions to a compliance file for human review. The Anthropic template is purpose-built for meeting basic KYC compliance requirements during onboarding, and it lowers the cost of getting it right.

What is continuous application assurance? A new model for enterprise risk

Most CISOs can’t answer a simple question with confidence: are the controls protecting our most critical applications actually working right now? Not last quarter, or the last time someone ran an assessment, but right now. That’s not a failure of effort. Enterprise security teams run on thousands of applications. Each one carries contracts, regulatory obligations, and customer trust.

The World Cup Creates the World's Largest Attack Surface

When 48 teams, 104 matches, 16 host cities, and a broadcast audience approaching half the planet converge across six weeks, something else converges at the same time: opportunity for the people trying to exploit it. The 2026 FIFA World Cup is the most complex digital event in history, and the security challenge it creates is not limited to the tournament organizers.