Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Brilliant AI, broken defenses? AI-powered apps are revolutionizing how we search, learn, and communicate, but the rapid pace of innovation has come at a cost: security is often an afterthought. As part of our AI App Security Analysis Series, we’ve been scrutinizing some of the most popular AI tools on Android for hidden vulnerabilities that could put millions of users at risk.

If the mere mention of identity governance and administration (IGA) stresses you out, you’re in good company. Managing digital identities and access privileges is a significant challenge that only grows more difficult as cloud adoption accelerates, and environments and threats become increasingly complex. Today, many organizations struggle to support the three key IGA business drivers: compliance, lifecycle management, and security.

In this episode of Security Matters, host David Puner sits down with Marene Allison, former Chief Information Security Officer (CISO) of Johnson & Johnson, for a candid and wide-ranging conversation on trust, identity, and leadership in cybersecurity. From securing global vaccine supply chains during the COVID-19 pandemic to navigating the rise of AI and machine identities, Marene shares hard-earned insights from her decades-long career in national security and the private sector.

At this year’s Money20/20 Europe, the focus was clear and pragmatic. Three themes came through consistently: digital identity, stablecoins, and open banking. Each reflects a broader shift underway. Institutions are moving from exploration to implementation. Regulatory frameworks are taking shape. Infrastructure is evolving to meet new demands. These priorities emerged across our discussions with partners, customers, and colleagues—and signal where the market is heading.

Over the past year, cybercriminal activity has shifted toward exploiting vulnerabilities found in company perimeters and infrastructure systems. Attacks are also being carried out within shorter and shorter timeframes. According to data from Google Threat Intelligence Group (GTIG) in 2024, 44% of zero-day attacks affected enterprise-focused technologies, compared to 37% in 2023.

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. Example of Text Message It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.

Modern conflict is no longer dominated solely by tanks, ships, and fighter jets. The nature of warfare itself has transformed dramatically. Today, battles are increasingly fought—and won—in cyberspace. Historically, military leaders intimately understood their hardware; pilots knew their planes, naval commanders knew their ships, and tank commanders knew their armoured vehicles.

AT&T, one of the largest telecommunications providers in the United States and the fourth-largest telecommunications company in the world by revenue, experienced a significant data leak, which became public in June 2025.

AI coding assistants like GitHub Copilot and Google Gemini Code Assist are changing how developers work — accelerating delivery, removing repetition, and giving teams back time to build. But speed isn’t free. Studies show that around 27% of AI-generated code contains vulnerabilities, not because the tools are broken, but because they generate code faster than most teams can review it. The result? A growing wave of insecure code is making it into production.

The EU AI Act is the most comprehensive law in the world to regulate artificial intelligence. This law doesn’t just apply to organizations inside the European Union, it also affects anyone doing business with the EU or offering AI-powered services in that market. If you use AI tools like ChatGPT, Copilot, Jasper, or Bard for automation, reporting, or client communication, yes, then definitely this applies to you.