Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An account-takeover campaign against Instagram shows why agentic AI inherits every business logic blind spot we already had and then hands it a megaphone. Over the past weekend, a number of Instagram users, including the long-dormant Obama-era White House handle and a U.S. Space Force senior enlisted leader found their accounts hijacked. As reported by TechCrunch, the entry point wasn’t a stolen password, a phishing kit, or a zero-day in Instagram’s code.

For years, the OWASP Top 10 has operated as the gold standard for highlighting the most critical web application security risks. The 2025 edition arrives at a time when application environments are becoming increasingly complex. Cloud-native architectures, software supply chain risks, APIs and AI-assisted development are all changing the way applications are built and secured.

The US Federal Bureau of Investigation (FBI) has warned that a new phishing-as-a-service (PhaaS) platform called “Kali365” is targeting OAuth tokens to gain direct access to users’ Microsoft 365 accounts without stealing credentials or multifactor authentication codes. “Through the Kali365 platform subscription, cyber threat actors can capture ‘OAuth’ tokens and gain persistent access to targeted individuals/entities' Microsoft 365 environments,” the Bureau says.

The era of "typing into a box" is over. For years, we viewed artificial intelligence as a digital assistant—a sophisticated autocomplete tool that waited for human input. But according to Martin Kraemer, KnowBe4’s CISO Advisor for Europe and the Middle East, that dynamic has shifted. We have moved from asking AI questions to giving AI jobs. In a recent webinar, Martin explores the transition from AI tools to AI agents.

As reported in the latest Phishing Threat Trends Report (Vol. 7), attackers are increasingly using calendar invites to bypass traditional email defenses, with this vector surging 49% over the past six months. In this Threat Labs deep dive, our team goes behind the scenes to provide a detailed analysis of this escalating campaign. We break down the technical underpinnings and tactical shifts in a unique multi-vector attack that turns your trusted corporate schedule into an instrument of compromise.

There isn't a CIO on the planet not worried about AI spend right now. CFOs are increasingly nervous, too. For fear of falling behind, many companies have pushed their employees to use AI as aggressively as possible. The edict was clear: "Move fast, we'll figure out the bill later." And for the most part, it worked: AI has been genuinely transformational for the teams that leaned in. But the costs are real: we’ve heard countless horror stories of huge bills and painful overages on token spend.

Adversaries are using AI to launch cyber attacks in record time, forcing security teams to measure responses in seconds instead of hours or days. Detecting these attacks is increasingly difficult. Phishing campaigns built by large language models (LLMs) achieve click-through rates 4.5x higher than traditional methods.1 Public sector organizations are at an inflection point with cybersecurity. Most security stacks in place today weren’t built for this level of speed.

Accelerating security solutions for small businesses‍ Tagore offers strategic services to small businesses. A partnership that can scale‍ Tagore prioritized finding a managed compliance partner with an established product, dedicated support team, and rapid release rate. Standing out from competitors‍ Tagore's partnership with Vanta enhances its strategic focus and deepens client value, creating differentiation in a competitive market.

A combination of accelerating risk complexity and increasing attack times is creating a perfect storm for organizations. Responding effectively to this fast-evolving threat landscape demands more advanced capabilities.