
All Articles

Scattered Spider: The Group Behind Major ESXi Ransomware Attacks

Blog Published: 07/09/2025

Originally published by Vali Cyber. Written by Nathan Montierth.   A new wave of ransomware actors is rewriting the rulebook—and their sights are set on the foundation of enterprise infrastructure: VMware ESXi. Scattered Spider—also tracked as UNC3944, 0ktapus, and Muddled Libra...

Agentic AI, MCP, and the Identity Explosion You Can’t Ignore

Blog Published: 07/10/2025

Written by Itzik Alvas, Entro.   In late 2024, Anthropic introduced the Model Context Protocol (MCP), a universal framework that allows AI agents to interface with external systems like GitHub, Slack, Postgres, and more. It’s like USB-C for AI: plug in once, connect to anything. ...

How Your Zero Trust Environment Affects Your Compliance Assessment

Blog Published: 07/10/2025

Originally published by Schellman. Written by Sully Perella, Senior Manager, Schellman.   These days, you can never have too many cybersecurity measures in place, particularly given how regularly threats continue to escalate and grow in sophistication. Now, many organization...

Introducing the CSA AI Controls Matrix: A Comprehensive Framework for Trustworthy AI

Blog Published: 07/10/2025

Today, the Cloud Security Alliance (CSA) has announced the release of the AI Controls Matrix (AICM), a groundbreaking framework designed to help organizations develop, implement, and use AI technologies in a secure and responsible manner. As we witness the rapid advancement of generative AI...

Compliance: Cost Center or Growth Trigger?

Blog Published: 07/11/2025

Originally published by Prescient Security. Written by Frejin Arooja.   Founders aren’t excited about compliance. Ask a startup team about SOC 2 or ISO 27001, and you’ll usually get a shrug or a sigh. To many, it’s manual busywork. Only a box to check once a big customer asks f...

Zero Trust Lessons from a Real-World 5G Cloud Core Security Assessment

Blog Published: 07/14/2025

Written by Taha Sajid, Founder, Principal Security Architect, Xecurity Pulse.   What happens when the core of a cutting-edge 5G network trusts too much? A single weak link can unravel even the most sophisticated systems. As telecom networks embrace cloud-native architectures to power...

7 Email Security Metrics That Matter: How to Measure and Improve Your Protection

Blog Published: 07/15/2025

Originally published by Abnormal. Written by Dan Nickolaisen.   Despite the evolution of security tools and protocols, email continues to be the primary entry point for cyberattacks. Today’s threats go far beyond spam and malware—they’re socially-engineered, highly targeted, and ...

A Copilot Studio Story 2: When AIjacking Leads to Full Data Exfiltration

Blog Published: 07/16/2025

Originally published by Zenity. Written by Tamir Ishay Sharbat.   In our last article we took a deep look into a customer service agent built by McKinsey & Co using Microsoft’s Copilot Studio platform. This was not just any agent, but one of Microsoft’s flagship examples il...

Compliance is Falling Behind in the Age of Non-Human Identities

Blog Published: 07/17/2025

Written by Itzik Alvas, Entro.   Every major compliance framework, including PCI DSS, GDPR, ISO 27001, SOC 2, and NIS2, requires strong access controls, continuous monitoring, and clear accountability. Yet despite these well-established expectations, one critical area is still oft...

What is SOC 1? — A Complete Guide to SOC 1 Reports

Blog Published: 07/18/2025

Originally published by BARR Advisory.   For organizations that provide services that could impact their customers’ financial reporting, demonstrating strong internal controls is critical. In today’s business world, it’s no longer enough to simply claim your internal processes are se...

Reflecting on the 2023 Toyota Data Breach

Blog Published: 07/21/2025

CSA’s Top Threats to Cloud Computing Deep Dive 2025 reflects on eight recent real-world security breaches. The report presents the narrative of each incident, as well as the relevant cloud security risks and mitigations. Today we’re reflecting on the fourth incident covered in the Deep Dive: ...

Reflections from Gartner IAM London: Visibility Leads to Observability

Blog Published: 07/22/2025

Originally published by Veza.    Attending the Gartner Identity and Access Management (IAM) Summit in London felt a bit like being at a conference Sigmund Freud would’ve enjoyed. Instead of everyone psychoanalyzing their mothers, though, everyone was busy analyzing identity. Discov...

The IaC Maturity Curve: Are You Securing or Scaling Your Risk?

Blog Published: 07/22/2025

Originally published by Gomboc.ai.   In today’s race to cloud-native development, Infrastructure as Code (IaC) has become the preferred approach for deploying and managing cloud infrastructure at scale. But for all the agility and speed it delivers, IaC is a double-edged sword. When imp...

What to Expect in the ISO 42001 Certification Process

Blog Published: 07/23/2025

Originally published by Schellman. Written by Jenelle Tamura.   As artificial intelligence (AI) technologies become more deeply embedded in business operations, the need for responsible, transparent, and auditable AI management practices has never been more critical. ISO 42001 pr...

How GenAI Is Reshaping GRC: From Checklists to Agentic Risk Intelligence

Blog Published: 07/24/2025

Originally published by Scrut Automation. Written by Aayush Ghosh Choudhury, Co-Founder & CEO, Scrut Automation. A Tectonic Shift Driven by Regulation: In March 2023, the U.S. Securities and Exchange Commission (SEC) proposed sweeping changes to its cybersecurity di...

Why Businesses are Unprepared for the Next Wave of AI Scams

Blog Published: 07/25/2025

Originally published by VikingCloud. Written by Jon Marler.   In December 2023, President Joe Biden evidently told millions of Americans via MSNBC the story of getting lost in a grocery store and following a glowing magical pistachio to the exit. A few months into the 2024 elect...

U.S. Strikes on Iran Could Trigger Cyber Retaliation

Blog Published: 07/28/2025

Originally published by Synack on June 27, 2025. Written by Scott Ormiston, Federal Solutions Architect at Synack and U.S. Air Force veteran.   In summer 2013, Iranian hacker Hamid Firoozi breached the controls of a dam in New York, according to a U.S. indictment. The dam intrusion ...

Implementing CCM: Cloud Security Monitoring & Logging

Blog Published: 07/28/2025

The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. The CCM is created and updated by CSA and aligned to CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provid...

Homoglyph Attacks & Domain Squatting: The Hidden Risk to Your Brand

Blog Published: 07/29/2025

Originally published by CheckRed. Written by Derek Hammack, VP, Operations and Customer Success, CheckRed.   Cybercriminals are getting smarter—and stealthier. One of the most dangerous and overlooked threats to your brand is homoglyph-based domain squatting. It’s not a technical...

How to Spot and Stop E-Skimming Before It Hijacks Your Customers—and Your Credibility

Blog Published: 07/30/2025

Originally published by VikingCloud. Written by Fayyaz Makhani.   Cybercriminals are increasingly targeting SMB e-commerce platforms through stealthy JavaScript injections on payment pages, also known as e-skimming. Recorded Future’s 2024 Fraud Intelligence Report shows a stagger...
