Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

And another one. GitHub ships break-glass credential revocation

Last week, GitHub released self-service credential revocation for Enterprise. The feature lets organization owners cut off compromised credentials across the entire organization in one action instead of trying to track down individual tokens during an active incident. This fix was a long time coming, as the past few months have shown what happens when revocation is slow or incomplete.

From ISDN to AI - Two Veterans on How Defence in Depth Has Changed

Defence in depth has evolved every time the technology landscape has shifted. The internet, virtualisation, cloud, SaaS. AI is the next shift, and the old model isn't keeping up. Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I'm Jim and in this episode, I'm joined once again by Martin Voelk, co-founder of SpartanX and an ethical hacker with nearly 26 years in cybersecurity.

Embracing the Benefits of Smart Glasses Safely in the Workplace

We are witnessing a massive shift in how we secure corporate networks. Security operations centers used to be dedicated to protecting static desktop stations, local servers, and company-issued mobile hardware. However, today's spatial computing and edge-based AI have delivered a new, largely unregulated hardware threat directly into the corporate space - face-worn consumer hardware.

RAG vs Fine-Tuning: When to Use Each for Enterprise GenAI Applications

Let's suppose that your business is about to implement GenAI (generative AI). In this case, the conversation inevitably boils down to a dilemma: RAG (Retrieval-Augmented Generation) or Fine-Tuning. At first glance, these appear to be two competing methods for tackling the same problem-getting a base LLM (Large Language Model) to speak your company's language.

Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era

Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every marketing vendor a company approves can silently introduce third and fourth-party scripts that no security team ever reviewed. In the AI era, that invisible layer is expanding faster than point-in-time audits can track. The gap between what an organization approves and what actually executes on its site is where data leakage, regulatory exposure, and compliance failures happen.

OpenMatter Network Introduces Verifiable Trust Layer for Secure Collaboration and AI Agents

OpenMatter Network today announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don't Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads, and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating autonomously across organizations, applications, and networks, those assumptions are being tested in new ways.

Azure Monitor Agent Metrics Extension Vulnerability: From Engagement to CVE

This article was authored by Cristhian Parrot from the Kroll Offensive Security Team. Kroll’s Offensive Security Team recently discovered a new vulnerability within Microsoft’s Azure Monitor Agent Metrics Extension, which demonstrates how subtle configuration issues can introduce significant security risks in widely deployed infrastructure components.

How to Discover and Control Shadow AI Agents in Your Environment

Most security programs have a working model for responding to shadow AI: identify the unsanctioned tools employees are using, sanction or block them, and update the acceptable use policy. That model worked, however imperfectly, when the threat was limited to web-based GenAI applications. It does not work when the threat is an autonomous agent, running locally on an endpoint, that reads the file system, calls external APIs, and transmits internal data.

Rethinking IaaS: Why partner cloud is a timely growth opportunity for service providers

If you’re a service provider, you’ve probably felt the shift already. Clients are asking tougher questions about cost. Some are frustrated with hyperscaler bills. Others are rethinking VMware. And more are paying attention to where their data lives and who controls it. Put all of that together, and it’s clear: Infrastructure is becoming a strategic conversation again. One that creates both pressure and opportunity. eBook How to build a profitable IaaS business with Acronis Cyber Frame.