Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

GLM 5.2 Signals a New Phase of Accessible Frontier AI and a Shift in Cyber Risk

AI’s latest wave is reshaping cybersecurity in a fundamental way. Capabilities that once were limited to a handful of frontier models are now widely accessible, cheaper, and embedded across more environments. As access expands, risk is growing fast and scaling even faster.

Why traditional DAST Tools fail modern AppSec teams (and how to fix it)

For years, development and security practitioners have treated dynamic application security testing as a critical final safety check before code goes live. However, the external attack surface is expanding faster than mid-sized security teams can realistically manage. In this high-velocity environment, legacy DAST tools are increasingly failing to keep pace.

A 10-Minute WordPress Security Self-Check (No Scanner Required)

Right now, a bot is running a single command against a website and reading the first few lines that come back. Maybe yours. It is not personal. The bot is working down a list of a few hundred thousand WordPress sites, and any given site is on it because WordPress runs more than 40% of the web and the same small set of mistakes shows up on most of them. You can read exactly what that bot reads. It takes about ten minutes, the tools are already on your machine, and none of it is hacking.

The API Self-Check: How Hackers Find the Endpoint You Forgot About

In June 2026, ServiceNow disclosed that a customer-facing API endpoint had been shipped with authentication switched off, letting anyone query internal tables on hosted customer instances without a password. It wasn’t an isolated case. In 2025, a deprecated Stripe payment endpoint, still connected to live systems, let attackers validate stolen card numbers for months before anyone noticed.

Why third-party risk management is broken, according to CISOs and analysts

Independent journalists, analysts, and working CISOs are all reaching the same conclusion about questionnaire-based, point-in-time risk assessment: it’s no longer enough. Risk and vulnerabilities keep growing, compliance obligations keep stacking up, and AI adds an entirely new surface to account for. CISOs need something better: a continuous approach with visibility across their business, that actually reduces risk rather than just documenting it.

Behind the Fake Tax Notice - Part II: ValleyRAT Unmasked

In Part I of this series — “Behind the Fake Tax Notice” — the Foresiet Threat Intelligence Team mapped a multi-country, tax- and invoice-themed phishing network built around hxxps://adresesvip/. That infrastructure, hosted on Alibaba Cloud in Hong Kong, was used to target taxpayers across India, Germany, Malaysia and Japan. The first report documented the lure, the sender and the hosting, but left one question open: what does the campaign actually deliver?

Why Direct Booking Technology Is the Future of Short-Term Rentals

For most of the last decade, listing on Airbnb, Vrbo or Booking.com wasn't optional for short-term rental hosts. It was the only realistic way to get seen. That came at a price: commission fees eating into every booking, plus a guest relationship the host never actually owned. It's a fundamental restructuring of the relationship between hosts, guests and the platforms that sit between them, and it's changing the benefits of owning a rental property in the process. Direct booking tools that were once out of reach for anything but large property management companies are now accessible to independent hosts running one or two properties.

The FBI Just Issued an Alert on TeamPCP. Here's How They Get In

The FBI just issued a FLASH alert on TeamPCP — the group behind a wave of software supply chain attacks that compromised widely-used developer and security tools, harvesting cloud credentials, SSH keys, and Kubernetes secrets at scale. Tova Dvorin and Adrian Culley break down how TeamPCP operates with an APT's patience, and the open question the FBI alert doesn't answer: is a nation-state pulling the strings? Full breakdown on The Cyber Resilience Brief.