Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Secure all your non-human identities across providers and without secrets. Explore how AWS and GitGuardian can help organizations migrate to short-lived tokens.

As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep up. At Salt Security, we spent 2025 focused on one thing: defending the API action layer where AI, applications, and data intersect.

Mexico has taken a major step toward strengthening its digital defenses with the official unveiling of its first National Cybersecurity Plan, a landmark initiative that establishes the country’s first specialized policy framework for cybersecurity.

It was a quiet Monday morning until John, head of IT, opened his laptop and saw 424 new support tickets. Users across the office were reporting issues like “apps won’t load” and “internet not working.” After hours of investigation that stretched into the next day, the team traced the problem to a branch router overwhelmed by malformed DNS queries from a misbehaving IoT device.

Organizations are under pressure to protect more devices, users, and distributed workloads than ever — while adversaries are moving faster, smarter, and across more domains. Many businesses still depend on complex solutions that create gaps between tools and strain security teams.

If 2025 has taught us anything, it’s that risk is no longer confined to the edges of your network. The traditional security perimeter has dissolved, with risk creeping into the very tools we use to run our businesses. Organizations faced off against catastrophic configuration errors, the weaponization of third-party trust connections, Multi-Factor Authentication (MFA) failures, and attackers who clearly love the holidays.

In December 2025, a critical remote code execution vulnerability was disclosed in DeepChat, an open-source desktop AI agent platform built using Electron. The issue, tracked as CVE-2025-67744, affects all DeepChat versions prior to 0.5.3 and carries a CVSS score of 9.6. The vulnerability arises from the interaction between two separate weaknesses. The first allows attacker-controlled JavaScript execution through unsafe rendering of Mermaid diagrams.

With only a handful of working days left in 2025, it might be useful to look back on the year of crypto policy that passed, to inform us as we look forward. What were the main industry’s key policy expectations of this year?

700Credit, a US-based credit check and compliance provider, disclosed in late October that it had suffered a significant data breach affecting nearly 18,000 dealerships and more than 5.6 million consumers. According to the company’s disclosure and subsequent reporting, the exposed data includes names, addresses, dates of birth, and Social Security numbers.