Scattered Spider: The Group Behind Major ESXi Ransomware Attacks
Blog Published: 07/09/2025
Originally published by Vali Cyber. Written by Nathan Montierth. A new wave of ransomware actors is rewriting the rulebook—and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra...
Agentic AI, MCP, and the Identity Explosion You Can’t Ignore
Blog Published: 07/10/2025
Written by Itzik Alvas, Entro. In late 2024, Anthropic introduced the Model Context Protocol (MCP), a universal framework that allows AI agents to interface with external systems like GitHub, Slack, Postgres, and more. It’s like USB-C for AI: plug in once, connect to anything. ...
How Your Zero Trust Environment Affects Your Compliance Assessment
Blog Published: 07/10/2025
Originally published by Schellman. Written by Sully Perella, Senior Manager, Schellman. These days, you can never have too many cybersecurity measures in place, particularly given how regularly threats continue to escalate and grow in sophistication. Now, many organization...
Introducing the CSA AI Controls Matrix: A Comprehensive Framework for Trustworthy AI
Blog Published: 07/10/2025
Today, the Cloud Security Alliance (CSA) has announced the release of the AI Controls Matrix (AICM), a groundbreaking framework designed to help organizations develop, implement, and use AI technologies in a secure and responsible manner. As we witness the rapid advancement of generative AI...
Compliance: Cost Center or Growth Trigger?
Blog Published: 07/11/2025
Originally published by Prescient Security. Written by Frejin Arooja. Founders aren’t excited about compliance. Ask a startup team about SOC 2 or ISO 27001, and you’ll usually get a shrug or a sigh. To many, it’s manual busywork. Only a box to check once a big customer asks f...
Zero Trust Lessons from a Real-World 5G Cloud Core Security Assessment
Blog Published: 07/14/2025
Written by Taha Sajid, Founder, Principal Security Architect, Xecurity Pulse. What happens when the core of a cutting-edge 5G network trusts too much? A single weak link can unravel even the most sophisticated systems. As telecom networks embrace cloud-native architectures to power...
7 Email Security Metrics That Matter: How to Measure and Improve Your Protection
Blog Published: 07/15/2025
Originally published by Abnormal. Written by Dan Nickolaisen. Despite the evolution of security tools and protocols, email continues to be the primary entry point for cyberattacks. Today’s threats go far beyond spam and malware—they’re socially-engineered, highly targeted, and ...
A Copilot Studio Story 2: When AIjacking Leads to Full Data Exfiltration
Blog Published: 07/16/2025
Originally published by Zenity. Written by Tamir Ishay Sharbat. In our last article we took a deep look into a customer service agent built by McKinsey & Co using Microsoft’s Copilot Studio platform. This was not just any agent, but one of Microsoft’s flagship examples il...
Compliance is Falling Behind in the Age of Non-Human Identities
Blog Published: 07/17/2025
Written by Itzik Alvas, Entro. Every major compliance framework, including PCI DSS, GDPR, ISO 27001, SOC 2, and NIS2, requires strong access controls, continuous monitoring, and clear accountability. Yet despite these well-established expectations, one critical area is still oft...
What is SOC 1? — A Complete Guide to SOC 1 Reports
Blog Published: 07/18/2025
Originally published by BARR Advisory. For organizations that provide services that could impact their customers’ financial reporting, demonstrating strong internal controls is critical. In today’s business world, it’s no longer enough to simply claim your internal processes are se...
Reflecting on the 2023 Toyota Data Breach
Blog Published: 07/21/2025
CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the fourth incident covered in the Deep Dive: ...
Reflections from Gartner IAM London: Visibility Leads to Observability
Blog Published: 07/22/2025
Originally published by Veza. Attending the Gartner Identity and Access Management (IAM) Summit in London felt a bit like being at a conference Sigmund Freud would’ve enjoyed. Instead of everyone psychoanalyzing their mothers, though, everyone was busy analyzing identity. Discov...
The IaC Maturity Curve: Are You Securing or Scaling Your Risk?
Blog Published: 07/22/2025
Originally published by Gomboc.ai. In today’s race to cloud-native development, Infrastructure as Code (IaC) has become the preferred approach for deploying and managing cloud infrastructure at scale. But for all the agility and speed it delivers, IaC is a double-edged sword. When imp...
What to Expect in the ISO 42001 Certification Process
Blog Published: 07/23/2025
Originally published by Schellman. Written by Jenelle Tamura. As artificial intelligence (AI) technologies become more deeply embedded in business operations, the need for responsible, transparent, and auditable AI management practices has never been more critical. ISO 42001 pr...
How GenAI Is Reshaping GRC: From Checklists to Agentic Risk Intelligence
Blog Published: 07/24/2025
Originally published by Scrut Automation. Written by Aayush Ghosh Choudhury, Co-Founder & CEO, Scrut Automation. A Tectonic Shift Driven by Regulation In March 2023, the U.S. Securities and Exchange Commission (SEC) proposed sweeping changes to its cybersecurity di...
Why Businesses are Unprepared for the Next Wave of AI Scams
Blog Published: 07/25/2025
Originally published by VikingCloud. Written by Jon Marler. In December 2023, President Joe Biden evidently told millions of Americans via MSNBC the story of getting lost in a grocery store and following a glowing magical pistachio to the exit. A few months into the 2024 elect...
U.S. Strikes on Iran Could Trigger Cyber Retaliation
Blog Published: 07/28/2025
Originally published by Synack on June 27, 2025. Written by Scott Ormiston, Federal Solutions Architect at Synack and U.S. Air Force veteran. In summer 2013, Iranian hacker Hamid Firoozi breached the controls of a dam in New York, according to a U.S. indictment. The dam intrusion ...
Implementing CCM: Cloud Security Monitoring & Logging
Blog Published: 07/28/2025
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. The CCM is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provid...
Homoglyph Attacks & Domain Squatting: The Hidden Risk to Your Brand
Blog Published: 07/29/2025
Originally published by CheckRed. Written by Derek Hammack, VP, Operations and Customer Success, CheckRed. Cybercriminals are getting smarter—and stealthier. One of the most dangerous and overlooked threats to your brand is homoglyph-based domain squatting. It’s not a technical...
How to Spot and Stop E-Skimming Before It Hijacks Your Customers—and Your Credibility
Blog Published: 07/30/2025
Originally published by VikingCloud. Written by Fayyaz Makhani. Cybercriminals are increasingly targeting SMB e-commerce platforms through stealthy JavaScript injections on payment pages, also known as e-skimming. Recorded Future’s 2024 Fraud Intelligence Report shows a stagger...