The Purdue Model has long been the GuideStar for securing factories, power plants, and water systems: layer your sensors at the bottom, controllers above, and tie it all to enterprise IT at the top with firewalls segmenting between. Simple. Effective. Or so the industry told itself.
Many medical devices have expected lifespans measured in decades, and the majority of connected medical devices currently in use wouldn't meet the FDA's latest cybersecurity standards if submitted for approval. Adversaries have noticed.
The bring-your-own-device (BYOD) dimension carries implications well beyond Stryker.
While Iranian drones were taking out Amazon's data centers in the Gulf, Tehran's hackers were already inside U.S. banks, airports, and defense networks — and they got there weeks before the first missile flew.
Ransomware events surged 55% in 2025, supply chain attacks widened the blast radius, and nation-state actors showed up. New data from Health-ISAC shows why the health sector's security problem continues to grow.
As Iran's cyber forces regroup after the most devastating military strikes in the Islamic Republic's history, the U.S. agency built to defend the nation's critical infrastructure is operating with a skeleton crew, gutted leadership, and a funding crisis — at precisely the moment it is needed most.
New GreyNoise telemetry recorded 2.97 billion malicious sessions targeting edge infrastructure in H2 2025 — and AI serving platforms are already on the same target list as VPN appliances and firewalls. The attack surface expanded. Attackers followed.
The SaaS market has shed $1 trillion in value. Salesforce, Workday, Adobe, and Snowflake are all down at least 40% from 2025 peaks. For CISOs managing risk across a consolidating software stack, the implications for vendor stability, integration continuity, and contract leverage are significant.
The forthcoming plan marks a sharp pivot from the Biden era—and some experts warn it may leave the nation more exposed, not less.
The Notepad++ incident isn't just another nation-state compromise. This attack highlights how developer tools are a governance blind spot, ongoing weaknesses in the integrity of update mechanisms, and the continued evolution of supply chain attacks.
The world moved swiftly to adopt enterprise AI. Here come the regulations. In this story, we cover what security and risk teams need to know to weather the new regulatory waters.
For security teams, the message is sobering: initial access brokers such as Gootloader operate at sophisticated technical levels, leverage specialized knowledge of file-format quirks, and maintain operational resilience through rapid innovation.
For enterprises eager to consolidate their tools, success will take the form of "platformization" of enterprise security stacks.
We picked the top three news events of 2025. It wasn't easy: and neither will be 2026.
Here are the predictions we believe will have significant impacts on security professionals in the year ahead: the bad and the good.
This isn't marginal spending on a future-state concern—it's an immediate, substantial commitment that many CISOs now see as a priority.
