The SaaS market has shed $1 trillion in value. Salesforce, Workday, Adobe, and Snowflake are all down at least 40% from 2025 peaks. For CISOs managing risk across a consolidating software stack, the implications for vendor stability, integration continuity, and contract leverage are significant.
Lazarus-linked threat actors exploit fake recruiter campaigns in an operation ReversingLabs calls “graphalgo,” turning technical job interviews into remote access trojan (RAT) delivery mechanisms that target developers.
The forthcoming plan marks a sharp pivot from the Biden era—and some experts warn it may leave the nation more exposed, not less.
The Notepad++ incident isn't just another nation-state compromise. This attack highlights how developer tools are a governance blind spot, ongoing weaknesses in the integrity of update mechanisms, and the continued evolution of supply chain attacks.
Epoch Theory is Jeremiah Grossman’s framework for understanding how cybersecurity evolves in distinct phases driven by attacker behavior, not defensive intention.
The world moved swiftly to adopt enterprise AI. Here come the regulations. In this story, we cover what security and risk teams need to know to weather the new regulatory waters.
For security teams, the message is sobering: initial access brokers such as Gootloader operate at sophisticated technical levels, leverage specialized knowledge of file-format quirks, and maintain operational resilience through rapid innovation.
For enterprises eager to consolidate their tools, success will take the form of "platformization" of enterprise security stacks.
We picked the top three news events of 2025. It wasn't easy: and neither will be 2026.
Here are the predictions we believe will have significant impacts on security professionals in the year ahead: the bad and the good.
This isn't marginal spending on a future-state concern—it's an immediate, substantial commitment that many CISOs now see as a priority.
Traditional security tools were designed when code changes were measured in hundreds of lines per sprint and development cycles lasted weeks. Today, AI accelerates code production to thousands of lines daily with fundamentally different patterns than human-written code.
The agentic AI governance gap is a fundamental enterprise weakness. Sixty-three percent of organizations lack AI governance policies, according to IBM's research. This creates a complete lack of any meaningful organizational control over these deployments.
New research highlights the gap between how technology is designed to work and how it's actually safely operated.
Anthropic's disclosure lacked important elements, which explains the professional criticism that erupted despite the potmortem's potential significance. And while the post is marketing for Anthropic, it also provides strategic threat context for security executives.
AI-driven attacks are real, and they’re occurring. But to paraphrase cyberpunk writing pioneer William Gibson, “The future is already here – it's just not evenly distributed."
