From Retail Floors to Virtual Cores: ESXi Is the Next Attack Vector in Retail
Blog Published: 09/25/2025
In April 2025, a ransomware attack on Marks & Spencer paralyzed its core systems by encrypting its VMware ESXi hypervisors. The breach halted online sales, disrupted logistics, and left customers in limbo. With damages estimated at over $400 million, the attack revealed a growing trend i...
Introducing the SaaS Security Capability Framework (SSCF) v1.0: Raising the Bar for SaaS Security
Blog Published: 09/24/2025
Why SaaS Security Needs a Rethink: SaaS has changed everything. From collaboration tools to critical business applications, SaaS is now the default way organizations consume technology. But with this massive shift comes a big problem: security hasn’t kept up. Most Third-Party Risk...
The Salesloft Drift OAuth Supply-Chain Attack: Cross-Industry Lessons in Third-Party Access Visibility
Blog Published: 09/25/2025
Abstract: The August 2025 Salesloft Drift breach demonstrates a systemic security blind spot across all industries: third-party delegated access through OAuth integrations. Over 700 organizations — including financial institutions, technology companies, healthcare providers, and government ag...
Columbia University Breach Exposes 870,000 Records: The Case for Unified Cloud and SaaS Security
Blog Published: 09/29/2025
When news broke that Columbia University suffered a cyberattack affecting nearly 870,000 individuals, the scale immediately caught attention. The breach not only exposed personal and academic records but also highlighted the growing risks universities face as they rely on complex combination...
Zero Trust Architecture: Principle Driven Security Strategy for Organizations and Security Leaders
Blog Published: 09/30/2025
“Zero Trust Architecture in today’s complex multi-cloud environments provides an effective way to ensure Cyber Resilience and effectively address cyber threats. While the leading organizations and security leaders continue to adopt this change, this article aims to equip them with essential ...
Aligning Risk-Based Security with Business Goals: Bridging the Gap Between IT and Leadership
Blog Published: 09/30/2025
Cybersecurity has evolved from a technical concern to a strategic imperative. For industries like finance, healthcare, retail, and manufacturing, where breaches can devastate operations and reputation, the stakes have never been higher. Rising cyberattack frequency and stringent regulations ...
From Compliance to Culture: What CISOs Need to Know About Evolving SAT
Blog Published: 10/02/2025
For years, security awareness training (SAT) has been treated like a checkbox—an annual task to meet compliance requirements. But cyber threats have grown more sophisticated, targeting people over infrastructure and exploiting human behavior instead of technical flaws. For CISOs, t...
Role Engineering for Modern Access Control
Blog Published: 10/01/2025
In theory, Role-Based Access Control (RBAC) is elegant. In practice, it’s often anything but. Over time, even the most disciplined identity programs fall prey to the usual culprits: role creep, stale entitlements, convoluted hierarchies, and a sprawling mess of redundant or overlapping roles...
AI Log Analysis for Event Correlation in Zero Trust
Blog Published: 09/26/2025
Modern enterprises generate oceans of logs that span on-prem, cloud, IoT, and OT. Think identity, device, data, network, and application events. Logs are the backbone of visibility, but logs alone do not provide actionable insights. They become powerful when analyzed and correlated for threa...
Why Data Protection Is Now a National Security Matter: Understanding the Bulk Data Rule
Blog Published: 10/06/2025
The National Security Division (NSD) of the U.S. Department of Justice (DOJ) issued a Final Rule announcing a new Data Security Program (DSP) under Executive Order 14117: Preventing Access To Americans' Bulk Sensitive Personal Data And United States Government-Related Data By Countries Of Co...
What Does Quantum Computing Mean for MFT?
Blog Published: 10/07/2025
Ask most people what the biggest threat in IT is, and they’ll say “AI” — hailed for productivity and feared for job loss. Yet the more consequential risk may be waiting offstage. Quantum computing, a field overshadowed by the AI frenzy, has the power to render current cryptography algorithms ...
How Event-Based Identity Management Can Enable Dynamic Security
Blog Published: 10/08/2025
Identity has undergone a remarkable transformation in recent years. Sophisticated multifactor authentication (MFA) methods have emerged, with passkeys becoming the latest technology capable of replacing weak passwords. Identity management systems connect vast networks of devices, systems, an...
When OAuth Tokens Go Rogue: Lessons from the Salesloft–Drift Breach
Blog Published: 10/08/2025
In August 2025, attackers exploited the Salesloft-Drift OAuth integration to compromise over 700 organizations’ Salesforce instances. This wasn’t a direct vulnerability in Salesforce, but rather an ecosystem failure highlighting how SaaS supply chains, OAuth tokens, and identity gaps have bec...
From Automation to Augmentation: The Future of SOCs in Enterprise Cybersecurity
Blog Published: 10/09/2025
The sophistication and continuous threat of cyberattacks have outpaced manual response times, and enterprises are confronting a pivotal truth: the era of reactionary cybersecurity is over. Traditional Security Operations Centres (SOCs) are no longer enough, while businesses are now requiring ...
5 Reasons Disconnected Apps Are An Enterprise Risk You Can No Longer Ignore
Blog Published: 10/15/2025
Companies of every size depend on Identity and Access Management (IAM), Identity Governance and Administration (IGA), and Privileged Access Management (PAM) to secure logins, enforce policies, and meet compliance requirements. These platforms are the backbone of modern identity security. Bu...
SOC Analyst Fatigue: What Our Data Says About Sustaining Investigation Speed and Quality
Blog Published: 10/10/2025
If you run or staff a SOC, you already know the story: the longer the shift, the sloppier the notes, the more steps get skipped. The cognitive fatigue hits hard. In CSA’s new benchmarking study, we looked at something teams rarely measure directly: Whether analysts can sustain thoroug...
Beyond AI Principles: Building Practical Transparency for Cybersecurity
Blog Published: 10/14/2025
Executive Summary: Bridging the AI Trust Gap with Practical Transparency. Artificial intelligence systems are rapidly becoming a cornerstone of modern cybersecurity. Yet, a fundamental challenge persists: how do you secure what you can't fully understand? The opacity of "black box" AI system...
What Is Model Context Protocol (MCP)?
Blog Published: 10/15/2025
A new language for AI: GenAI adoption is becoming more widespread in the enterprise. As a result, we are seeing a growing complexity of AI models and systems. LLM use is evolving into the next iteration of AI innovation: autonomous agents capable of learning, reasoning, and acting independe...
When Simple DNS Mistakes Lead to Big Attacks: Lessons from the MikroTik Botnet
Blog Published: 10/21/2025
Cybersecurity is often seen as a battle against highly complex exploits. Yet, some of the most impactful attacks begin with the smallest mistakes. A recent discovery of a large-scale botnet highlights just how dangerous small DNS misconfigurations can be. The Attack: Hijacked Router...
Cyber Defense Cannot Be Democratized
Blog Published: 10/17/2025
The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem: In an earnest attempt t...