AI in Cybersecurity: 5 Practical Use Cases for Stronger Defense
Blog Published: 07/01/2025
Originally published by Abnormal. Written by Emily Burns. AI is transforming cybersecurity, equipping organizations with advanced tools to detect, prevent, and respond to evolving threats. As cybercriminals increasingly use AI for sophisticated attacks, security teams must adop...
CIEM and Secure Cloud Access Best Practices
Blog Published: 06/24/2025
Originally published by CyberArk. Written by Sam Flaster, Director of IT Solutions Strategy, CyberArk and Shaked Rotlevi, Technical Product Marketing Manager, Wiz. Let’s cut the fluff out of cloud security. As you build and innovate in the cloud, you create a ma...
Why Are Penetration Tests Important?
Blog Published: 06/24/2025
Originally published by A-LIGN. Written by Joseph Cortese, Penetration Testing Practice Lead, A-LIGN. How do you measure the effectiveness of your cybersecurity program? Ask this question of a dozen CISOs and you’ll likely get twelve different answers. That’s becaus...
ESXi Ransomware: The Growing Threat to Virtualized Environments
Blog Published: 06/25/2025
Originally published by ValiCyber. Written by Nathan Montierth. Ransomware has reshaped the cybersecurity landscape, and a disturbing new trend is emerging: the targeting of ESXi environments. As the core of many organizations’ IT infrastructure, ESXi hypervisors have beco...
MFA Made Easy: 8 Best Practices for Seamless Authentication Journeys
Blog Published: 07/02/2025
Written by Anastasios Arampatzis. Multi-Factor Authentication (MFA) is a core part of compliance and Zero Trust security strategies. Yet, many organizations still struggle with deploying it across diverse user groups—employees, partners, and customers. The lack of MFA adoption often ...
What MITRE ATT&CK v17 Means for ESXi Security: Key Risks & How to Respond
Blog Published: 07/03/2025
Originally published by Vali Cyber. Written by Nathan Montierth. MITRE ATT&CK v17 introduces a major development for defenders: the first-ever dedicated ESXi matrix, highlighting hypervisors as critical points of attack. This blog breaks down what the new matrix means for ...
How Mature is Your NHI Security Program?
Blog Published: 07/07/2025
Originally published by Astrix. Written by Michelle Harari. Managing non-human identities is a top cybersecurity challenge today due to their complexity across interconnected systems, rapid growth, and dynamic nature. Limited budgets and staffing add to the difficulty, leaving ...
Implementing CCM: Infrastructure Security Controls
Blog Published: 06/27/2025
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM contains 197 control objectives structured into 17 domains that cover all key aspects ...
The Future of DevSecOps is Deterministic
Blog Published: 06/30/2025
Originally published by Gomboc. Written by John Kamenik, Principal DevSecOps Engineer, Gomboc. For years, DevSecOps has aimed to integrate security seamlessly into every phase of the software development lifecycle. Despite major advancements in tooling and cultural practic...
Introducing the OWASP NHI Top 10: Standardizing Non-Human Identity Security
Blog Published: 06/30/2025
Originally published by Astrix. Written by Tal Skverer. The non-human identity market has significantly matured in the past couple of years. While NHIs like service accounts, API keys, and OAuth apps are not new, the realization that managing and securing them has to be a priori...
Strategic Synergy: CSA STAR, CCM, and FedRAMP 20x
Blog Published: 07/02/2025
Security compliance, as we’ve traditionally known it, is buckling under the weight of modern complexity. Burdensome documentation, excessive manual oversight, and frameworks that are misaligned with today’s cloud-native architectures are pushing compliance past the breaking point. Legacy comp...
What We Can Learn from the 2024 CrowdStrike Outage
Blog Published: 07/03/2025
CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the third incident covered in the Deep Dive: ...
6 Key Steps to ISO 42001 Certification Explained
Blog Published: 07/07/2025
Originally published by Vanta. With more businesses using AI models in their products or services, the inherent AI risks have made it challenging to maintain customer trust. However, according to The State of Trust Report for 2024, only 37% of organizations conduct (or are in t...
What is Identity and Access Management [2025 Guide]
Blog Published: 07/08/2025
Originally published by Veza. Written by Mariah Brooks, Identity Security Consultant and Matthew Romero, Technical Product Marketing Manager, Veza. Identity and access management (IAM) is only becoming more important as the modern attack surface grows. With 80% of org...
The Traditional Technology Adoption Curve Doesn’t Work for AI
Blog Published: 07/02/2025
The trajectory of technological progress has historically followed a familiar cadence—slow initial adoption, steady refinement, and eventual widespread integration. However, in the age of artificial intelligence (AI), innovation has advanced dramatically—now unfolding in mere months. This bl...
Policy-as-Code vs. IaC Security: What’s the Real Difference?
Blog Published: 07/08/2025
And Why Your Team Can’t Afford to Confuse Them Originally published by Gomboc. Written by John Kamenik, Principal DevSecOps Engineer, Gomboc. Let me be blunt: If your team treats Policy-as-Code (PaC) and Infrastructure-as-Code (IaC) security as interchangeable, you’re ...
Understanding Security Risks in AI-Generated Code
Blog Published: 07/09/2025
Written by Andrew Stiefel, Endor Labs. AI coding assistants are changing the game for developers. They offer speed, convenience, and a way to fill knowledge gaps for busy engineering teams. With just a few lines of natural language, developers can generate entire functions, scri...
Why EU Cybersecurity Compliance is the New Competitive Advantage
Blog Published: 07/09/2025
Originally published by Scrut Automation. Written by Kush Kaushik. Cybercrime in Europe is evolving fast, and so must compliance. The European Union is no stranger to the rising tide of cyberattacks. From phishing campaigns to ransomware, the frequency and sophistication of ...
Cloud Security Alliance Delivers the AI Guardrails You’ve Been Looking For
Press Release Published: 07/10/2025
AI Controls Matrix (AICM) released to define and secure the future of AI SEATTLE – July 10, 2025 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, pro...
Why Identity Automation Fails at 96% of Organizations
Blog Published: 07/07/2025
Originally published by Cerby. Enterprise security teams have invested billions in identity security infrastructure over the past decade, building sophisticated systems to manage access and monitor risk. But when it comes to executing identity processes and decisions, our latest rese...