Geek-Guy.com

Category: Compliance

Ten years later, has the GDPR fulfilled its purpose?

This year marks the 10th anniversary of the EU’s adoption of the General Data Protection Regulation, which became mandatory for all companies beginning on May 25, 2018. The aim of the GDPR was simple, but important: to improve individuals’ control over their personal data. This regulation replaced Directive 95/46/EC with the clear purpose of unifying data…

Mythos AI: What Security Leaders Should Do Next

The recent discussion around Anthropic’s Claude Mythos Preview and Project Glasswing has caught the attention of the cybersecurity industry for good reason. Mythos is not just another AI announcement. It is being positioned as a frontier model with advanced cybersecurity capability, particularly around finding and exploiting software vulnerabilities. Anthropic has stated that Project Glasswing is…

New compliance guide available: ISO/IEC 42001:2023 on AWS

We have released our latest compliance guide, ISO/IEC 42001:2023 on AWS, which provides practical guidance for organizations designing and operating an Artificial Intelligence Management System (AIMS) using AWS services. As organizations deploy AI and generative AI workloads in the cloud, aligning with globally recognized standards such as ISO/IEC 42001:2023 becomes an important step toward strengthening…

ServiceNow continues its AI transformation with an integrated experience

ServiceNow has unveiled updates to its workflow management platform advancing its redefinition of itself as the “AI control tower for business reinvention” at its Knowledge customer event this week. The AI Control Tower product itself, introduced at last year’s event, gets new integrations with Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP) and…

UiPath adds agentic AI capabilities to Automation Suite for government agencies

UiPath has announced the release of agentic AI capabilities on UiPath Automation Suite. The Automation Suite updates help government agencies and regulated industries accelerate agentic AI and automation adoption and are designed to address strict data sovereignty and compliance requirements. These new capabilities empower agencies to deploy agentic AI within their own infrastructure using cloud-hosted…

How CISOs Reduce Cyber Risk with MITRE ATT&CK 

Nowadays CISOs face escalating threats that outpace traditional defenses. The strategy is evolving from compliance-driven checklists to a threat-informed approach. MITRE ATT&CK provides a globally accessible knowledge base of real-world adversary tactics, techniques, and procedures (TTPs), enabling organizations to understand, prioritize, and counter actual attacker behaviors rather than abstract controls.  This shift helps align security efforts with business…

Train like you fight: Why cyber operations teams need no-notice drills

St. Michael’s Hospital in Toronto recently executed a full Code Orange simulation: A mass casualty emergency protocol requiring the activation of every clinical and operational team across the hospital. As a Level 1 trauma centre, it conducts large-scale exercises involving teams across the entire hospital: Emergency, surgery, communications, administration. The exercise is not a compliance…

News alert: LuxSci launches HIPAA-compliant email platform for mid-size healthcare market

CAMBRIDGE, Mass., May 5, 2026, CyberNewswire—LuxSci, a leading provider of HIPAA compliant secure healthcare communications, today announced the launch of LuxSci Secure High Volume Email for mid-sized healthcare organizations, the industry’s trusted HIPPA-compliant email solution now packaged and priced for mid-size healthcare organizations. Regional health systems, health plans, specialty group practices, urgent care networks, and…

Five ways to use Kiro and Amazon Q to strengthen your security posture

A Monday morning security alert flags unauthorized access attempts, security group misconfigurations, and AWS Identity and Access Management (IAM) policy violations. Your team needs answers fast. Security teams are using Kiro and Amazon Q Developer to handle repetitive tasks—scanning resources, drafting policies, and researching Common Vulnerabilities and Exposures (CVEs)—so engineers can focus on risk decisions…

Netrio Expands MSP Services with AI Advisory Practice

Netrio has launched a new AI advisory and transformation practice to help mid-market enterprises move artificial intelligence projects beyond experimentation and into measurable business use. The McKinney, Texas-based MSP said the new offering will support customers across AI evaluation, strategy, governance, deployment, and adoption. The practice is designed for organizations struggling with disconnected AI pilots,…

Android Zero-Click RCE Vulnerability Enables Remote Shell Access  

Google has released a patch for an Android vulnerability that allows remote code execution (RCE) without requiring any user interaction.  The flaw could “… lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation,” said Google in its security advisory. Inside the…

Download: Secure Foundations for AI Workloads on AWS

Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images help teams reduce misconfiguration risk, support compliance efforts, and move faster in AWS. What are AI-optimized CIS Hardened Images CIS Hardened Images are secure, on-demand, scalable cloud images that help organizations deploy from…

New Phishing Campaign Targets US with Credential Theft: What CISOs Need to Know

A new large-scale phishing campaign is targeting U.S. organizations with fake event invitations that lead to credential theft, OTP interception, or RMM tool installation. ANY.RUN researchers found that the campaign uses a repeatable phishing framework to create event-themed lure pages at scale. Some pages steal email credentials and OTP codes, while others deliver legitimate remote…

Microsoft: Phishing campaign used fake compliance notices to compromise employee accounts

Phishers have been using fake workplace compliance notices to try to trick Microsoft account owners into signing in via a fake sign-in page, says the company’s Defender Research team. The email campaign targeted more than 35,000 users across 13,000 organizations in 26 countries, but concentrated primarily on targets in the United States. Microsoft didn’t say…

JumpCloud Report Finds AI Agent Security Gaps Widening

JumpCloud, the IT management platform company, released its Agentic IAM Pulse Report on Tuesday, drawing on responses from 261 IT, security, and identity decision-makers at organizations with 200-2,500 employees across the United States and the United Kingdom.  The findings reveal a widening gap between how aggressively companies are deploying AI agents and how little governance…

CISOs step up to the security workforce challenge

A robust cybersecurity program needs a range of skilled people, yet many CISOs continue to face an ongoing skills shortage — and the squeeze may only get worse as AI gains traction. Some 95% of cybersecurity practitioners and decision-makers noted at least one security skills gap at their organization, with almost 60% citing critical or significant…

Why most zero-trust architectures fail at the traffic layer

Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…

Agentic AI and the Evolution of Code Security in Modern Development

The rise of agentic artificial intelligence (AI) is fundamentally reshaping how software is developed, tested, and secured.  In a recent discussion with Jeremy Katz, VP of Code Security at Sonar, key insights emerged about how AI-driven workflows are accelerating development while introducing new security challenges that organizations must address. Agentic Workflows in Modern Development Agentic…

The fake IT worker problem CISOs can’t ignore

Hiring fake IT workers has been a growing problem in recent years — but it’s often a problem very few want to admit to. From Fortune 500 companies down to smaller organizations, remote hiring practices have been exploited to grant trusted access to individuals who are not who they claim to be creating an insider…

How CISOs should utilize data security posture management to inform risk

Every CISO eventually faces the same tension: You know your security program needs to mature, but the budget and headcount to do it all aren’t there. That tension is especially sharp when it comes to data security posture management (DSPM). Not every organization can afford, or even needs, the gold standard of DSPM deployment. Full-featured…

Introducing Wallarm Middle East Cloud: Built for Data Residency Compliance

As API and AI adoption grows across the Middle East, so do the expectations around how data is handled. For many organizations operating in this region, it’s not just about securing applications. It’s about doing it in a way that keeps data in-country and aligned with local requirements. Today, we’re introducing the Wallarm Middle East…

Announcing the ISO 31000:2018 Risk Management on AWS Compliance Guide

AWS Security Assurance Services is announcing the release of our latest compliance guide, ISO 31000:2018 Risk Management on AWS, which provides practical guidance for organizations establishing and operating a risk management program in AWS environments using ISO 31000:2018 principles. The guide explains how organizations can integrate AWS services into their risk management processes to support…

Human-centric failures: Why BEC continues to work despite MFA

Business email compromise (BEC) is still thriving even in organizations that have implemented multi-factor authentication (MFA). As security professionals, we often assume that MFA is the silver bullet for email security, but real-world incidents suggest otherwise. Attackers exploit human behaviors, process gaps and operational blind spots that MFA alone cannot address. In many modern BEC…

Managing OT risk at scale: Why OT cyber decisions are leadership decisions

The first time I approached an OT environment, I assumed that the strategies effective in IT cybersecurity would be equally applicable. I was wrong. The experience revealed a fundamental difference, highlighting the need for a distinct approach to OT cyber risk management. The mistake was not technical. It was conceptual. I was treating OT as…

Congress kicks the can down the road on surveillance law (again)

Congress extended a controversial surveillance law for 45 days on Thursday, hours before its latest expiration following an earlier extension. The Senate passed — then the House cleared — a 45-day extension of Section 702 of the Foreign Intelligence Surveillance Act, which authorizes warrantless surveillance of foreign targets. But those targets are sometimes communicating electronically…

AWS, Microsoft, & Google Cloud Converge Around AI-Led Growth

The “big three” hyperscalers, Amazon Web Services (AWS), Microsoft, and Google Cloud, have been especially active over the past 12 months, operating both as suppliers of in-demand data center capacity for AI model developers and as builders of their own models, services, and tools. While each has historically leaned into distinct strengths and target markets,…

How Criminals Created SMS Blasters to Fake Cellphone Towers and Hack Thousands of Phones in Canada

Canadian authorities have dismantled what appears to be one of the most technically sophisticated financially motivated telecom attacks publicly documented in North America after arresting three suspects accused of operating vehicle-mounted “SMS blaster” systems that impersonated legitimate cellular towers, induced nearby mobile devices into attaching to rogue infrastructure, delivered phishing messages to those devices—likely through…

Cisco Introduces Model Provenance Kit to Strengthen AI Supply Chain Security

Organizations are rapidly adopting AI models, but many still lack visibility into where those models come from or how they’ve been modified along the way.  Cisco is aiming to close that gap with the release of its open-source Model Provenance Kit, a tool designed to verify the origins of AI models and improve trust across…

Everyone’s building AI agents. Almost nobody’s ready for what they do to identity.

Anthropic recently announced that it would not release Mythos, its most powerful AI model, to the public. The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades. Anthropic said the model was too dangerous to deploy…

Meta accused of violating DSA by failing to safeguard minors

The European Commission accuses Meta of failing to protect children, allowing users under 13 on Instagram and Facebook, in breach of the DSA rules. The European Commission has accused Meta of violating child safety rules. Instagram and Facebook allegedly failed to prevent children under 13 from accessing their platforms. According to the Commission, Meta did…

Adaptive Security Leadership in an Expanding Threat Surface

Last week I joined fellow security leaders at CISO Inspire Summit North for a panel discussion on The Expanding Threat Surface: Adaptive Security Leadership for 2026 and Beyond. It was a timely discussion, because the challenge facing security leaders today is not simply more threats. It is more connections, more dependencies, and more complexity. Suppliers, SaaS, identities, automation…

Netskope, Rubrik, Commvault Expand Google Cloud Security

At this year’s Google Cloud Next 2026 conference in Las Vegas, tech and cybersecurity companies across the channel unveiled their latest announcements spanning AI, security, infrastructure, and more. While artificial intelligence was firmly front and center, themes around enhanced cybersecurity, particularly AI guardrails and cyber resilience, emerged as equally important priorities. In this recap, we…

amazee.ai’s amazeeClaw simplifies production deployment of AI agents with regional control

amazee.ai has announced the launch of amazeeClaw, a managed OpenClaw hosting platform that enables developers and enterprises to deploy production-ready AI agents with data sovereignty and regional control without having to set up their own infrastructure. As adoption of AI agents and agentic automation accelerates, organizations are discovering that moving from prototype to production is…

Margin vs. Madness: Fixing MSSP Top 5 Operational Nightmares

Leading a managed security services provider has never been a comfortable job. And it isn’t now, though the demand for MSSPs has never been higher. The global threat landscape is expanding faster than most enterprise security teams can keep pace with, and organizations across every sector are turning to managed providers to fill the gap.   For MSSP leaders, this…

7 Best Network Security Tools to Use in 2026

This guide is for IT professionals, security teams, and business leaders looking to strengthen network defenses in 2026. It covers the best network security tools to protect data and help reduce overall organizational risk. Network security tools incorporate hardware and software technologies, methods, and policies to preserve network integrity and prevent potential breaches. These tools…

Best AI Deepfake and Scam Detection Tools for Security in 2026

This guide is for security professionals, IT teams, and anyone concerned about AI-driven fraud who wants to detect deepfakes and scams in 2026. It covers some of the best tools available to identify fake videos, audio, and synthetic content. You can fake a video. You can clone a voice. You can even generate a “live”…

6 Best Intrusion Detection & Prevention Systems in 2026

This guide is for IT leaders, security teams, and network administrators looking to strengthen threat detection and response in 2026. It covers the top intrusion detection and prevention systems (IDPS) and key features to consider when choosing the right solution. Network security is not just about keeping the bad guys out. It’s about having a…

Infra + security: why more & more CISOs are starting to own infrastructure

Over the past year, I have started to see a growing trend that in more and more organizations, CISOs are taking ownership of infrastructure teams. Where CISOs aren’t directly taking over infrastructure teams, they are exerting more direct control over how infrastructure is designed and operated. Like many structural shifts in cybersecurity, this is developing…

Fleet hopes to be the MDM provider for the AI Era

Fleet, the independent, open-source, multi-platform MDM service, recently announced its new partner program for VARs and MSPs serving enterprise customers and recruited MobileIron co-founder Suresh Batchu to serve on the company’s board. With those moves in mind, I caught up with company CEO Mike McNeil to find out more about the Fleet’s plans. Given the company’s…

Access control with IAM Identity Center session tags

As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS accounts. It simplifies authentication, enhances security, and provides a seamless user sign-in experience to AWS services across diverse environments.…

GitLab Deepens Integration with Anthropic’s Claude Models to Accelerate Secure Software Development

COMPANY NEWS:  AI agents in GitLab Duo Agent Platform can now call Anthropic’s newest Claude models, with every action governed by GitLab’s existing compliance, audit, and policy framework; no separate governance layer required. Enterprises can access Claude models, including the newly released Claude Opus 4.7, through GitLab via Google Cloud and AWS Bedrock to route…

Phishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t Ignore 

CISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by ANY.RUN analysts, threat actors are using fake Microsoft, Adobe, and OneDrive pages to deliver legitimate…

6 Lessons Security Leaders Must Learn About AI and APIs

Most organizations treating AI security as a model problem are defending the wrong layer. Security teams filter prompts, patch jailbreaks, and tune model behavior, which is all necessary work, while the actual attack surface sits largely unexamined underneath. That surface is the API layer: the endpoints AI systems use to retrieve data, call tools, and…

Securing RAG pipelines in enterprise SaaS

In the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack since they are not trained on customer proprietary data. Retrieval-Augmented Generation (RAG) is the bridge…

Stopping AiTM attacks: The defenses that actually work after authentication succeeds

The security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (AiTM) phishing does not steal credentials and replay them. It sits between the user and the legitimate service, watches a real authentication succeed in real time, and walks away with the…

Best Zero Trust Security Solutions in 2026

This guide is targeted toward IT and security teams looking to get more granular access control and reduce implicit trust across applications and systems in 2026. It introduces zero trust and top zero trust solutions. A presidential executive order mandating a zero trust strategy for federal agencies has raised the profile of the cybersecurity technology…

Optimize security operations through an AWS Security Hub POC

April 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for planning your POC. AWS Security Hub prioritizes your critical security issues…

Enterprise VPN Solutions Every Business Should Know in 2026

This guide is for IT leaders, security teams, and growing businesses that need secure remote access to corporate systems. It highlights the top enterprise VPN solutions in 2026 that protect data, control access, and support reliable connectivity. Think of your enterprise network as a busy airport. Every employee, device, and data packet is trying to…

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

A Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitive information. The NASA Office of Inspector General (OIG) and federal…

Compliance by design in the age of AI

GUEST OPINION:  There’s no denying Australia is moving fast on AI. Governments are launching AI offices, businesses are building new data centres to support AI workloads, and importantly, regulators are starting to ask tougher questions about how the technology is used. But alongside the excitement sits the reality: organisations can’t bolt compliance as an afterthought…

Top 6 Remote Desktop Software Solutions Compared

Remote desktop software enables businesses and IT professionals to access and manage computers and devices from remote locations, ensuring seamless operations from anywhere. The most effective solutions offer features like unattended access, secure file transfer, multi-monitor support, cross-platform compatibility, and real-time collaboration. To help you find the best fit, we’ve compared the leading options on…

AI is reshaping DevSecOps to bring security closer to the code

Artificial intelligence tools are revamping DevSecOps processes, enabling security and development teams to more effectively build safeguards into software products from the get-go. But AI’s impact on DevSecOps goes well beyond tooling and processes, altering the scope, skills, and strategies foundational to the discipline as well. “AI is fundamentally shifting DevSecOps from reactive validation to…

TLS Connect gives SMBs a right-sized automated tool to manage TLS certificates

GMO GlobalSign today launched TLS Connect, a Certificate Lifecycle Management (CLM) tool designed specifically for SMBs. TLS Connect automates public trust TLS certificate deployment and renewal, allowing SMBs to strengthen security, maintain regulatory compliance and reduce business risk. The introduction of TLS Connect comes on the heels of the first in a series of TLS…

25 open-source cybersecurity tools that don’t care about your budget

Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond to incidents throughout the development and operational lifecycle. Allama: Open-source AI security automation Allama is an…

Meta, Roblox and TikTok claim to UK Parliament that their platforms are are not additive to children and that Australian under 16 ban will fail

The claim from Meta, Roblox and TikTok  that  Australia’s under-16 social media ban is “not really enforceable” has now moved from industry talking point to parliamentary record, following testimony before the UK’s Education Committee in April. But beneath the predictable pushback from Meta, TikTok and Roblox lies a more complex—and more uncomfortable—reality for policymakers on…

New US House privacy bills raise hard questions about enterprise data collection

US House Republicans have introduced two major privacy proposals that would reshape how US companies collect, process, and retain consumer data: the SECURE Data Act for general consumer privacy and the GUARD Financial Data Act for financial institutions. The bills would create national standards for privacy and security practices while broadly preempting many state privacy…

Protecting your secrets from tomorrow’s quantum risks

As outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an important aspect of your side of the PQC shared responsibility model. Timelines to plan and…

Sage Expands Intacct Advisory and Debuts Sage HCM Solution

Accounting, finance, and HR technology provider Sage has announced two updates ahead of its annual Sage Future conference: the expansion of its Sage Intacct Advisory program and the launch of its Sage HCM solution. Both moves are positioned to streamline workflows, introduce more industry-specific capabilities, and help organizations better leverage AI across their operations. Scaling…

Data Breaches, AI Expansion, and Cloud Security Define This Week’s Cyber Landscape in April 2026

Major Threats & Vulnerabilities Vulnerability Scoring and Exploitation Trends The NIST Adjusts Scoring Amid CVE Spike report highlights a 260%+ increase in CVE submissions since 2020. To manage the surge, NIST will prioritize high-impact vulnerabilities, potentially leaving many without full scoring data. Security teams must adapt to inconsistent vulnerability data and prepare for potential blind…

Inside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real Time 

A new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi-stage malware delivery, and real-time remote access capabilities to compromise victims and actively assist attackers in financial theft.   For organizations, the implications extend beyond individual users. Employees accessing corporate…

The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative

Your legal team just handed you a 400-page document and said “figure out compliance.” The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems are used, deployed, or produce effects within the European Union. In practice, that means that global organizations…

Checkmarx Supply Chain Attack Exploits Docker Images and CI/CD Pipelines 

A supply chain attack targeting Checkmarx tooling has exposed developer environments.  Attackers pushed malicious Docker images and tampered extensions capable of stealing credentials and other sensitive data.  This “… continues a dangerous trend that’s accelerated over the past month: CI/CD pipelines have become the new perimeter,” said Eli Woodward, Cyber Threat Intelligence Advisor at Team…

CVE-2026-28950: Apple Fixes iOS Flaw That Retained Deleted Notification Data

Apple has released security updates to address a Notification Services issue in iOS and iPadOS that could cause alerts marked for deletion to remain stored on a device. The fix was delivered in iOS 26.4.2 / iPadOS 26.4.2 and iOS 18.7.8 / iPadOS 18.7.8, where Apple says the problem was resolved through improved data redaction.…

GDPR works, but only where someone enforces it

A new measurement study of web tracking across ten countries offers a reality check for anyone working on privacy compliance. Researchers crawled the same set of globally popular websites from virtual machines located in Australia, Brazil, Canada, Germany, India, Singapore, South Africa, South Korea, Spain, and California. The results show that European privacy law does…

House Republicans roll out national privacy bill

House Republicans unveiled on Wednesday Congress’ latest effort to tackle comprehensive digital privacy legislation for Americans. The Secure Data Act would allow consumers to opt out of data collection for individual businesses for the purposes of targeted advertising, selling to third parties or for use in automated decisionmaking. It would also require companies to inform…

A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended

Building on our recent announcement of AWS Security Hub Extended —our full-stack enterprise security offering — we want to show you how we’re simplifying security procurement and operations for your multicloud environments. Whether you’re a security architect evaluating solutions or a CISO looking to streamline vendor management, this post walks through the streamlined experience that…

Employment Hero AI unlocks new employment model targeting $12.6 billion in duplicated employment admin holding Australia back

New modelling shows businesses are paying $12.6 billion more than they should in employment administration Complex, manual HR processes are driving duplication, costing up to a quarter of an employee’s salary and dragging down productivity  Despite Australian businesses spending $160 billion annually on compliance, hundreds of thousands of workers remain underpaid and over half of…

News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category

NEW YORK, Apr. 21, 2026, CyberNewswire—BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time BreachLock has been identified in the Adversarial Exposure Validation (AEV) category since launching its agentic AI-powered Adversarial Exposure Validation platform in 2025. Not only has the company gained recognition in the AEV market quickly, but BreachLock has also emerged as the only vendor offering adversarial exposure validation, Penetration Testing…

More Attack Context for Faster Triage, Response, and Hunting. Now Available to Every SOC 

ANY.RUN has expanded access to Threat Intelligence capabilities for SOC and MSSP teams, backed by live attack data from 15,000 organizations.  Here’s how your team can test TI’s impact on triage quality, response speed, and threat hunting workflows.  See How Threat Intelligence Accelerates Your SOC  ANY.RUN now offers 20 premium requests in Threat Intelligence Lookup and YARA Search as part of the Free plan.   You can get immediate threat context for over 40 types…

Attacking the MCP Trust Boundary

Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…

Meta to track employee keystrokes, screen activity to train AI agents

Meta plans to track US employees’ mouse movements, clicks, keystrokes, and screen activity to train workplace AI agents, according to Reuters, offering an early look at how far major tech companies may go to build systems that can automate knowledge work. The company plans to do so through a tool called Model Capability Initiative, or…

The AI era demands a different kind of CISO

Many security leaders are still operating with frameworks built for a different era. For years, success was measured by fixed checkpoints, such as passing audits, closing vulnerabilities, and maintaining compliance. Those markers still have value, but they were designed for a threat landscape that moved in predictable, linear ways. Today, that landscape is shifting in…

Winter 2025 SOC 1 report is now available with 184 services in scope

Amazon Web Services (AWS) is pleased to announce that the Winter 2025 System and Organization Controls (SOC) 1 report is now available. The report covers 184 services over the 12-month period from January 1, 2025 – December 31, 2025, giving customers a full year of assurance. This report demonstrates our continuous commitment to adhering to…

Kamiwaza Expands ARIA Through TD SYNNEX, HPE Channel

Kamiwaza AI is bringing its ARIA accessibility remediation platform to the TD SYNNEX channel alongside HPE, positioning MSPs and resellers to help public sector customers meet fast-approaching digital accessibility deadlines, including the April 24, 2026 ADA Title II compliance requirement. Channel opportunity tied to accessibility mandates for government websites The timing is notable for partners…

How to clone an AWS CloudHSM cluster across Regions

Important: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvements. You can use AWS CloudHSM to…

CISOs reshape their roles as business risk strategists

Nitin Raina’s career history resembles that of many CISOs: He worked in IT infrastructure, operations, and services before moving into security and advancing through the ranks. He’s now global chief information security officer at technology consultancy Thoughtworks. But in a less common professional move Raina also picked up the role of global head of enterprise…

Microsoft’s Patch Tuesday release for April is a whopper

Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle we can recall. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.  The Readiness team is recommending “Patch Now” schedules…