Salt Security has unveiled its “12 Months of Innovation” recap, a holiday-inspired look at the company’s product, partnership, and research momentum across 2025. As organisations raced to adopt AI agents, MCP servers and cloud-native architectures, Salt delivered an unmatched innovation “gift” to the industry almost every month, helping security teams keep pace with an expanding API attack surface.

From discovering zombie APIs and blind spots across the API fabric to securing AI agents and protecting MCP actions at runtime, Salt’s 2025 roadmap focused on one goal: giving security teams the visibility and control they need at the API action layer where applications, data, and AI intersect.

“In 2025, APIs didn’t just power applications, they powered AI agents, automation, and entire digital business models,” said Roey Eliyahu, co-founder and CEO at Salt Security. “That shift created massive new risk across the API fabric. Our team responded with a steady drumbeat of innovation across the year, so customers weren’t left defending yesterday’s problems while attackers moved on to tomorrow’s opportunities.”

The 12 Months of Innovation: A Year of Gifts for Security Teams

January – The Year Kicks Off with APIs at the Center
Salt Labs and early-year research showed how quickly API traffic and risk were growing, from zombie and unmanaged APIs to software supply chain vulnerabilities, setting the stage for why 2025 demanded a new approach to securing the API fabric. Security teams saw clearly that legacy tools weren’t built for dynamic, AI-driven environments.

February – A Spotlight on API Reality
Salt published its State of API Security Report and celebrated key industry recognition such as inclusion in top security lists, providing hard data on how fast API risk is growing. For CISOs and boards, the message was simple: API security is no longer a niche problem – it’s a core business issue.

March – Gold Medals & Rising Shadows
Salt’s innovation earned industry awards, including a Gold Globee, even as new blogs and research detailed how compliance pressure, data privacy obligations, and AI-driven attacks were expanding the API attack surface. Excellence and urgency moved in lockstep.

April – A Season of Partnerships & Paradigm Shifts
Salt deepened integrations with leading security platforms, including CrowdStrike, and strengthened protections for MCP server–driven architectures. These partnerships gave customers richer context and made it easier to bring Salt’s API intelligence into existing security workflows, connecting more of the enterprise API fabric into a cohesive defence.

May – The Cloud Era Gets Real
With cloud-native adoption surging, Salt expanded coverage for leading cloud environments and partners, powering posture governance, risk-aware recommendations, and alignment with emerging insurance and regulatory expectations. API security moved squarely into the boardroom.

June – Illuminate Everything
Salt launched Salt Illuminate along with expanded Cloud Connect capabilities, giving customers instant visibility into APIs across complex multi-cloud and hybrid environments. What was previously blind – shadow, zombie, and unmanaged APIs – suddenly came into view across the API fabric.

July – CISOs Sound the Alarm
Research and blogs from Salt Labs highlighted high-profile AI incidents, including conversational AI mishaps like the McDonald’s chatbot breach, and introduced Salt Surface to help organisations directly tackle their exposed API footprint. Visibility turned into prioritised, actionable defence.

August – Autonomous Everything
As organisations embraced autonomous workflows, Salt advanced protections for autonomous threat hunting and AI-driven security use cases, underscoring the inseparability of APIs and AI. The message: you can’t secure intelligent autonomy without securing the APIs – and API fabric – that power it.

September – Securing the AI Agent Revolution
Salt introduced the industry’s first solution to secure AI agent actions across APIs and MCP servers, protecting sensitive operations from prompt injection, abuse, and unintended access. This launch moved AI agent security from theory to practical, enforceable controls at the API action layer.

October – The Blind Spots Strike Back
New Salt data revealed the hidden risks in AI agent deployments and complex API ecosystems. Through detailed vulnerability breakdowns and guidance, Salt gave security and development teams the education and clarity they needed to modernise their security posture and better understand blind spots across their API fabric.

November – Security Starts in Code
Salt launched GitHub Connect and MCP Finder, enabling customers to discover shadow APIs, spec mismatches, and risky MCP configurations directly in code repositories and CI/CD pipelines – before deployment. Shift-left security met shift-right runtime intelligence across the API lifecycle, connecting design, code, and runtime behaviour.

December – Hello, Pepper
Salt closed the year by introducing Ask Pepper AI, a conversational assistant powered by the Salt platform, alongside MCP protection for AWS WAF. Security teams can now ask questions, investigate threats, and operationalise Salt insights in natural language while enforcing protection at the edge for MCP-aware and AI-driven applications.

“Instead of a partridge in a pear tree, security teams got 12 months of very real innovation – spanning discovery, governance, runtime protection, MCP and AI agent security, and now conversational investigation with Ask Pepper AI,” said Michael Callahan, CMO at Salt Security. “This year, customers told us they needed both visibility and speed. Our roadmap delivered both, and the market response has been tremendous. We delivered more API and AI security innovation in 2025 than any other player in our space.”

Looking Ahead to 2026

As organisations move deeper into AI-driven operations, agentic workflows, and API-centric architectures, Salt will continue to invest in securing the API action layer and API fabric – the place where AI, applications, and data intersect.

“In 2026, we expect APIs to become even more tightly woven into autonomous systems and mission-critical workflows,” added Eliyahu. “We’re already building the next wave of innovations so our customers can safely move faster than their adversaries.”

The post Salt Security Unveils its “12 Months of Innovation” appeared first on IT Security Guru.

Industrial routers and other OT perimeter devices are absorbing the majority of cyberattacks targeting operational technology environments, according to new Forescout Vedere Labs research.

Analysing 90 days of real-world honeypot data, researchers found that 67% of malicious activity was directed at OT perimeter devices, such as industrial routers and firewalls, compared with 33% aimed at directly exposed OT assets like PLCs and HMIs.

The findings highlight the growing risk facing edge devices that sit between IT and OT networks.

Automated attacks dominate the OT perimeter

The research shows that OT environments are under constant, automated attack, with more than 60 million requests logged across 11 devices in just three months. Once high-volume SNMP fingerprinting traffic was removed, the remaining 3.5 million events revealed that industrial firewalls and routers were the most heavily targeted assets.

Attackers overwhelmingly relied on SSH and Telnet brute-force attempts, which accounted for 72% of perimeter attacks. Many of the credentials used were drawn from well-known default IoT password lists that have circulated for almost a decade, underlining the persistent risk posed by weak or unchanged credentials.

HTTP and HTTPS traffic made up a further 24% of attacks, including thousands of automated exploit attempts designed to force devices to download malware from external servers.

Emerging botnets raise concerns

Researchers identified several malware families actively targeting OT perimeter devices, including RondoDox, Redtail, and ShadowV2. Of these, RondoDox stood out as the most prevalent, responsible for 59% of observed malicious HTTP activity.

RondoDox is a relatively new botnet that has rapidly expanded its exploit arsenal to include more than 50 known vulnerabilities, many without assigned CVEs. While most current exploits focus on IT and IoT devices, researchers warn that the addition of industrial router vulnerabilities could quickly increase the risk to critical infrastructure operators.

ShadowV2, first observed only months ago, has already become the third most common botnet in the dataset, demonstrating how quickly new automated threats are emerging.

Chaya_005: a long-running reconnaissance campaign

One of the most significant findings was the discovery of a previously undocumented activity cluster, dubbed Chaya_005. Active for at least two years, Chaya_005 appears to focus on fingerprinting and capability testing of industrial edge devices, rather than immediate mass exploitation.

The campaign initially included a successful exploit against a legacy Sierra Wireless router, before evolving into a broader set of malformed exploit attempts against multiple vendors’ devices. Researchers believe the activity may be designed to identify which devices are vulnerable to specific command-execution techniques, potentially for future exploitation or monetisation.

Unlike typical botnets, Chaya_005 showed no evidence of indiscriminate scanning or follow-on attacks, suggesting a more deliberate and targeted reconnaissance effort.

Hacktivists and OT expand the threat surface

The research also highlights the growing interest of hacktivist groups in OT targets. In one incident, the pro-Russian group TwoNet compromised and defaced a water treatment HMI in Forescout’s adversary engagement environment.

While such attacks often rely on manual exploitation, the data shows that routers, PLCs, HMIs and even IP cameras are routinely targeted by automated scanners and botnets, blurring the traditional distinction between IT and OT threats.

Security teams urged to rethink IT/OT boundaries

Forescout warns that treating attacks as “IT-only” or “OT-only” is increasingly dangerous. Automated malware does not distinguish between environments, and compromised IT devices at the OT perimeter can serve as a stepping stone into critical systems.

To reduce risk, researchers recommend that organisations harden OT devices, eliminate weak credentials, avoid exposing industrial equipment directly to the internet, and implement OT-aware monitoring capable of detecting malicious behaviour specific to industrial protocols.

The post Industrial routers bear the brunt of OT cyberattacks, new Forescout research finds appeared first on IT Security Guru.

KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, has announced a new custom deepfake training experience to defend against advanced cybersecurity threats from deepfakes such as fraudulent video conferences and AI-generated phishing attacks.

 

Deepfakes can be weaponised and utilised for fraud, disinformation campaigns and cause reputational damage across sectors. These types of deepfake attacks are now linked to one in five biometric fraud attempts, with injection attacks increasing 40% year-over-year, according to Entrust’s 2026 Identity Fraud Report. Security incidents related to deepfakes have increased, with 32% of cybersecurity leaders reporting a spike, according to the KnowBe4 The State of Human Risk 2025 report.

 

“Deepfakes represent a seismic shift in the threat landscape, weaponising AI to impersonate authority, exploit trust, and short-circuit the human decision-making process,” said Perry Carpenter, chief human risk management strategist at KnowBe4. “Our new deepfake training strengthens the workforce’s instincts by providing a safe, tightly controlled environment for learning. All simulations are created and approved by administrators, ensuring ethical use while helping employees recognise narrative red flags, subtle performance inconsistencies, and other cues that manipulated media can reveal. Awareness and preparedness remain our strongest defences, and we are committed to equipping organisations with practical, measurable skills to stay ahead of these emerging threats.”

 

You can check it out in action:

 

Deepfake video content is becoming more realistic and harder to discern from reality. Cybersecurity leaders must prepare their organisations for new and emerging threats, taking a proactive approach to their overall protection efforts. Cybersecurity and IT professionals now have the ability to generate a custom deepfake training experience featuring a leader from their organisation to demonstrate how convincing AI-powered social engineering has become and to deliver clear, actionable guidance on how to detect these attacks.

 

Several anonymous customers who have taken KnowBe4’s deepfake training were highly impressed with the real-world examples and effectiveness of the messaging such as deepfakes of their executives:

• “This was efficient and effective in getting the message across to our executives about what deepfakes are and how to properly deal with them using our inhouse protocols.”
• “Very informative content with real world examples and definitions helps better understand how deepfakes can affect one’s life and the risks they create. Thank you for keeping us alert!”

 

For more information on KnowBe4’s new deepfake training experience, visit https://www.knowbe4.com/deepfake-training.

The post New deepfake training from KnowBe4 – see it in action! appeared first on IT Security Guru.

In today’s world, it can be hard for awareness training to keep up with the modern threats that are constantly emerging. Today, KnowBe4 has announced a new custom deepfake training experience to counteract the risk of ‘deepfake’ attacks as they continue to rise. The experience, which is now available, aims to help employees defend against the advanced cybersecurity threats from deepfakes such as fraudulent video conferences and AI-generated phishing attacks. 

Deepfakes can be weaponised and utilised for fraud, disinformation campaigns and cause reputational damage across sectors. These types of deepfake attacks are now linked to one in five biometric fraud attempts, with injection attacks increasing 40% year-over-year, according to Entrust’s 2026 Identity Fraud Report. Security incidents related to deepfakes have increased, with 32% of cybersecurity leaders reporting a spike, according to the KnowBe4 The State of Human Risk 2025 report.

Perry Carpenter, chief human risk management strategist at KnowBe4, said: “Deepfakes represent a seismic shift in the threat landscape, weaponising AI to impersonate authority, exploit trust, and short-circuit the human decision-making process”

Carpenter continues: “Our new deepfake training strengthens the workforce’s instincts by providing a safe, tightly controlled environment for learning. All simulations are created and approved by administrators, ensuring ethical use while helping employees recognise narrative red flags, subtle performance inconsistencies, and other cues that manipulated media can reveal. Awareness and preparedness remain our strongest defences, and we are committed to equipping organisations with practical, measurable skills to stay ahead of these emerging threats.”

Deepfake video content is becoming more realistic and harder to discern from reality. Cybersecurity leaders must prepare their organisations for new and emerging threats, taking a proactive approach to their overall protection efforts. Through this new experience, cybersecurity and IT professionals now have the ability to generate a custom deepfake training experience featuring a leader from their organisation to demonstrate how convincing AI-powered social engineering has become and to deliver clear, actionable guidance on how to detect these attacks.

The post Next Gen Awareness Training: KnowBe4 Unveils Custom Deepfake Training appeared first on IT Security Guru.

The post office has once again come under scrutiny after avoiding a fine for a data breach. In the data breach, more than 500 former post office workers who were wrongfully convicted during the Horizon IT scandal had their names and personal information leaked. Despite the seriousness of the breach, the post office received what equated to a light scolding from the Information Commissioner’s Office (ICO). This course of action has sparked strong criticism from privacy groups and advocates for the victims.

Data breaches occurring in top governmental agencies like the post office once again bring into question the strength and readiness of public agencies’ cybersecurity protocols. Amidst increasing occurrences of data and data breaches, cybersecurity experts are calling for government and federal agencies to adopt more stringent IT security measures.

Overview of the Data Breach

The breach involved the accidental publication of an uncensored legal settlement document that revealed the identities and addresses of more than 500 former post office employees.

As the news of the breach spread, commentators pointed out how data breaches create serious risks for victims. They highlight how the leaking of sensitive information can cause years of damage, like falling victim to online fraud or exploitation.

Examples of this have been seen in the online entertainment industry, where users’ email addresses and passwords have been leaked, causing mass account takeovers. Video streaming platforms and social media have become popular online forms of entertainment.

These platforms have inherent security flaws though, as passwords can easily be hacked. For this reason, many online users are turning to platforms that run on more secure blockchain networks, such online games that include top crypto casinos. Firstly, these platforms offer much more entertainment value, providing users with access to thousands of online casino games. The major appeal comes from the safety and transparency offered by blockchain technology. Thanks to blockchain networks, these platforms offer provably fair games, faster and more secure transactions, and strong data protection.

How the Data Leak was Completely Preventable

The data breach happened when a member of the Post Office’s press team uploaded an uncensored version of the 2019 litigation settlement to the agency’s public website by mistake. Two months passed by before the file was finally removed. The presence of the file online was eventually brought to attention by an external law firm rather than internal safeguards. Further highlighting the agency’s internal failings. ICO officials made it clear that the leak was preventable should proper publishing controls and data-handling procedures had been followed. A few major issues were pointed out by the ICO, mainly the lack of quality-assurance processes for online publication. In addition, the regulator pointed to minimal staff training and a lack of technical systems to detect or prevent the upload of sensitive data.

For the victims still dealing with the fallout of their wrongful convictions, the leak was just another institutional betrayal. Many of the workers whose information was leaked spent years trying to clear their names. They faced bankruptcy, damaged reputations, and in some cases, imprisonment.

Why the ICO Issued Only a Reprimand

The regulatory body sees the data breach as not serious enough to meet the requirements for a fine. Under its regulatory framework for the public sector, the ICO can impose financial penalties of up to £1.09 million for serious breaches. In the case of this leak, the ICO felt that a public admonishment would suffice instead of issuing a fine. This decision received strong criticism and backlash, especially from privacy advocates. Privacy advocates and cybersecurity groups argue that a public reprimand does nothing to remedy the situation. Instead, they argue, it gives public agencies the impression that they can continue to get away with data breaches unscathed.

The Open Rights Group called the decision “ludicrous”, warning that it risked sending the signal to other public organisations that a lack of proper data-protection standards carries few consequences. These concerns were mirrored by the victims of the breach and their legal representatives. They pointed out that data relating to exonerated individuals carries unique risks. In their criticism, they highlighted that a lack of fines or any tangible consequences minimises the harm caused and reduces the pressure on the Post Office to improve its internal processes and systems.

The Horizon Scandal’s Lasting Impact

The Post Office’s data breach cannot be separated from the history of the Horizon IT scandal. More than 500 post office employees, many of whom were sub-postmasters, were wrongfully accused of theft, fraud, and false accounting. These accusations were made after the Horizon software, which had software bugs, generated financial shortfalls in branch accounts. This software error caused many people to lose their livelihoods, their homes, and affected their mental health. In the worst cases, some were even imprisoned or died before their names could be cleared.

Compensation and Mitigation Measures Taken by the Post Office

After the data breach, the Post Office offered the victims financial compensation. While the compensation was a welcome relief, it was limited. Depending on the case, victims could receive up to £5000, with payouts based on whether the leaked addresses of the victims were current or outdated. Although some victims accepted the payout, critics of how the Post Office handled the situation say that the compensation was too little when compared to the seriousness of the breach.

Beyond financial settlements, the Post Office also offered two years of identity-protection services for the victims. These services included fraud monitoring, credit alerts, and dark-web surveillance. Again, these interim measures are aimed at helping the immediate victims of the data breach, but legal experts are still calling for more robust security systems and risk mitigation protocols to be put in place so that future breaches can be avoided.

The post ICO Issues Post Office Public Reprimand Instead of Fine Over Data Breach appeared first on IT Security Guru.

Keeper Security has announced a new integration with ServiceNow® IT Service Management (ITSM) and the Security Incident Response (SIR) module. The integration allows organisations to securely ingest security alerts from across the Keeper platform directly into ServiceNow, enabling faster and more consistent investigation of incidents tied to credentials, secrets and privileged access.

Stolen credentials remain one of the most common entry points for cyber attackers. According to the 2025 Verizon Data Breach Investigations Report, 60% of cybersecurity breaches involve the human element, including compromised passwords and misuse of access. Keeper’s global research reinforces the urgency of protecting the identity layer, with 69% of organisations adopting Privileged Access Management (PAM) to defend against credential theft. Many of these threats originate from privileged and administrative activity, which organisations secure through solutions like KeeperPAM®, Keeper’s cloud-native PAM platform. The new ServiceNow integration helps teams operationalise these defences by routing high-priority identity and access alerts into the workflows they already rely on for incident management.

Craig Lurey, CTO and Co-founder of Keeper Security, said: “Identity-based attacks are growing more sophisticated, but the fundamentals remain the same. Defenders need reliable signals and immediate context, and this integration delivers both. By sending Keeper’s privileged access telemetry to ServiceNow in real time, security teams can focus on analysis and action instead of stitching data together. It’s a streamlined, practical way to strengthen visibility where it matters most.”

The Keeper Security ITSM application provides a guided setup experience and a secure, OAuth 2.0-protected webhook to receive alerts from the Keeper platform. Security teams can operationalise activities such as BreachWatch® detections of compromised passwords, changes in privileged user behaviour and high-risk actions involving credentials, secrets or privileged sessions. The integration automatically converts incoming alerts into SIR tickets with full contextual detail, allowing analysts to triage and investigate with greater accuracy and fewer manual steps.

The integration offers secure webhook ingestion protected by OAuth 2.0, automatically converting incoming alerts into SIR records to remove manual ticket creation and speed up response times. Administrators can map alert types to custom severity levels, configure the connection, and manage authentication tokens without any bespoke development. Each alert includes detailed metadata to support investigations, and the platform’s zero-knowledge architecture ensures Keeper cannot access or decrypt customer data, maintaining strong privacy and security throughout.

“Attackers don’t wait, so organisations shouldn’t wait either for the critical signals that can stop an attack before damage is inflicted,” said Darren Guccione, CEO and Co-founder of Keeper Security. “By bringing Keeper’s privileged access intelligence straight into ServiceNow, in real time, we’re giving organisations a faster path to detection and response at the identity layer, where most attacks begin.”

As organisations contend with increasingly distributed infrastructure and a rise in credential-driven attacks, consistent visibility across identity and privileged access tools is essential. Keeper’s integration with ServiceNow closes a persistent monitoring gap and strengthens an organisation’s ability to detect, investigate and resolve identity-related incidents quickly.

The post Keeper Security Launches ServiceNow Integration to Improve Visibility and Response to Cyber Attacks appeared first on IT Security Guru.

The Trust Crisis No One’s Talking About

Every breach, leak, or phishing attack doesn’t just affect the targeted company—it reverberates across the broader consumer landscape. Each new headline chips away at public trust. As a result, businesses are no longer just battling hackers. They’re also fighting the numbness and skepticism of customers who have seen too many privacy violations go unpunished.

This phenomenon, often called “breach fatigue,” leads to disengagement. People stop reading breach notifications. They reuse passwords despite warnings. More dangerously, they lose trust in companies—even the ones that haven’t been breached.

So how do you rise above the noise and rebuild trust? How can you turn this fear and apathy into an opportunity to deepen loyalty?

Breach Fatigue Is Real—And It’s Changing Behavior

Consumers once reacted to data breaches with alarm. Now, for many, it’s just part of the background noise. With nearly every industry touched by cybersecurity failures, users are no longer shocked. They’re exhausted.

That exhaustion influences behavior. Customers become reluctant to sign up for new services. They skip optional profile fields. They abandon carts when asked to create accounts. More critically, they grow skeptical of brands’ promises—especially those related to data protection.

To counteract this, brands need to move from being reactive to proactive. It’s not enough to apologize after a breach or post a generic “we care about your security” message on a website. Brands must demonstrate security in action—while showing how it benefits the customer, not just the business.

Proactive Transparency Builds Resilience

The first step to regaining confidence is transparency—before anything goes wrong. It may seem risky to spotlight your security measures or privacy practices, but this kind of openness works as a trust-builder. It tells your audience that you take their data seriously, even when there’s no immediate crisis.

More importantly, transparency helps people understand how your policies directly benefit them. Instead of saying, “We use encryption,” explain what that means for the user: “Even if our systems are compromised, your payment data remains unreadable.”

Integrate real-time updates and digestible security explainers into your customer-facing platforms. Humanize your IT policies. Use plain English to describe what’s happening and why it matters.

Many of the best email marketing platforms now include tools for integrating trust-building messages into automated campaigns. Whether you’re sending onboarding emails or monthly newsletters, there’s space to include subtle but meaningful transparency cues that remind users of your commitment to their safety.

Consistency Across Channels Builds Credibility

Trust isn’t just built in your privacy policy—it’s reinforced in every interaction. If your social media tone is casual but your breach response is stiff and legalistic, that creates confusion. If your website says “data privacy is a priority,” but your support team asks users to email passwords, that undercuts your message.

Consistency matters. It signals that your values are baked into your operations—not tacked on as a response to bad press.

Use every touchpoint—support scripts, transactional emails, even feature updates—as a chance to reinforce your security posture. Let users know how changes affect their data, not just your backend.

This is where customer journey mapping intersects with trust recovery. Brands using the best email marketing platforms can automate multi-stage messaging that explains security updates in stages—making it easier to maintain consistency while reducing overwhelm.

Empathy Is the Ultimate Differentiator

Security discussions are often dry, technical, and fear-driven. But the brands that build loyalty go beyond compliance—they show empathy.

Empathy means recognizing that customers are tired of feeling exposed. It means understanding the emotional toll of breach fatigue and addressing it with reassurance, not condescension.

Simple actions make a difference:

• Frame security features as ways to reduce stress, not just risks.
• Acknowledge that security isn’t the user’s responsibility alone.
• Use friendly reminders rather than urgent threats when asking users to update settings.

Instead of launching yet another campaign reminding users to enable two-factor authentication, explain how it could prevent identity theft in a relatable way. Frame the action around empowerment, not paranoia.

Security Education Can Be a Loyalty Program in Disguise

Brands often try to educate users after something has gone wrong. But what if security education were part of your value proposition?

Companies that help users feel smarter and safer create a strong emotional connection. When people understand how to protect themselves online, they attribute some of that confidence to the brand that helped them.

Consider embedding bite-sized cybersecurity tips into your existing content strategies. These could be:

• Quick tips inside newsletters
• Explainer videos on your product dashboard
• Interactive security checklists in your mobile app

The key is to frame education as user benefit—not brand protection. If customers start seeing your brand as a trusted advisor in a dangerous world, they’ll stay loyal even during rough patches.

Make Security a Feature, Not a Footnote

For many companies, security is treated as a backend obligation. It’s mentioned at the bottom of pages or buried in user agreements. But to build loyalty, security needs to be visible—and marketed as a benefit.

Positioning security as a product feature makes it easier to justify pricing, upsells, or longer onboarding processes. If you can show that your platform saves users from future headaches, they’re more likely to accept friction now.

For example:

• Highlight fraud detection in payment systems as a value-added service.
• Promote privacy-first design as a competitive advantage.
• Emphasize how secure defaults reduce user errors.

Don’t wait until customers demand it. Be loud about what you’re doing behind the scenes—before it becomes a front-page crisis.

Recovery Is a Brand Moment—Own It

No brand is breach-proof. What separates the respected from the forgotten is how they respond when the worst happens.

A well-planned incident response can turn a crisis into a loyalty moment. But it requires more than legal disclaimers.

Be fast. Be human. Be humble.

Let affected users know what happened, how they’ll be supported, and what they can expect moving forward. Use direct communication channels—like email—to deliver updates and next steps. Reassure them, not just with words, but with actions (free credit monitoring, extended support, direct points of contact).

Breach recovery isn’t just about containment. It’s about rebuilding trust—starting from the inside out.

Offer Control and Ownership to Users

People are more likely to trust a platform when they feel in control. Offer granular privacy settings, allow them to download or delete their data, and explain what each option means. Transparency about how data is stored and processed gives users a sense of ownership.

It also shifts the narrative from “you might be compromised” to “you’re in charge.”

Brands can use onboarding emails and milestone-triggered messages to introduce these controls in context. Rather than dumping a list of settings on users all at once, use staged communications to guide them through the most relevant options over time.

Turning Trust Into Retention

Trust doesn’t just reduce churn. It creates advocacy. Customers who feel protected are more likely to recommend you to others, forgive mistakes, and invest in long-term relationships.

Loyalty built on security isn’t flashy, but it’s powerful. It’s not based on discounts or gimmicks, but on the quiet confidence that you’re looking out for their best interests—even when it costs you.

Trust, once earned, becomes a barrier to competition. And in a world of constant threats, that’s a stronger differentiator than almost anything else.

 

Breach fatigue is a modern reality—but it’s also a brand opportunity. Companies that rise above the noise, communicate clearly, and treat users with empathy won’t just survive—they’ll earn long-lasting loyalty.

Security is no longer just IT’s job. It’s a brand promise. And in an environment where confidence is hard to come by, keeping that promise is one of the best growth strategies available.

The post From Breach Fatigue to Brand Loyalty: Winning Customer Confidence in an Era of Constant Threats appeared first on IT Security Guru.

This week, Outpost24 announced the acquisition of Infinipoint, a specialist in device identity, posture validation, and secure workforce access. The acquisition marks Outpost24’s entry into the Zero Trust Workforce Access market and enhances its identity security division, Specops, by laying the foundation for a unified approach that evaluates both the user and the device before access is granted.

As organisations advance their Zero Trust strategies, authentication alone is no longer enough. MFA and SSO confirm who the user is, but they do not validate the security of the device being used. In hybrid environments where employees, contractors, and partners rely on a mix of corporate and unmanaged devices, this gap has become a significant source of risk. Ensuring that only secure, compliant devices can access critical systems is now essential to reducing credential misuse, preventing lateral movement, and maintaining regulatory assurance.

Organisations will benefit from the combined strengths of Specops’ unrivalled authentication and Infinipoint’s device identity and posture expertise, gaining a unified, context-aware approach to workforce access. This will allow organisations to evaluate both user and device trust at the moment of access, strengthening Zero Trust adoption while improving compliance and operational efficiencies by leveraging Infinipoint’s unique self-service and auto-remediation capabilities – across any device and any identity provider.

“With the strategic addition of Infinipoint’s unique capabilities to the Specops platform, we are setting a new benchmark for Zero Trust Workforce Access with a holistic security layer that ensures every access attempt is validated across both the person and their device,” stated Ido Erlichman, Chief Executive Officer of Outpost24. “This acquisition strengthens our identity security portfolio and supports our strategy to help customers reduce risk across every stage of the access journey.”

Shirona Partem, Managing Director of Specops, added: “For many organisations, securing access requires supporting both password and passwordless authentication. Infinipoint’s device identity and posture verification complement both models, giving customers stronger assurance that access originates from a trusted user on a trusted device. This addition enhances the Specops portfolio and broadens how we support organisations in protecting their workforce.”

Commenting on the acquisition, Ran Lampert, Chief Executive Officer and Co-Founder of Infinipoint, said: “We are excited to join the Outpost24 family, and bring device identity and posture enforcement to a wider global audience. Together, we are setting the new standard for Zero Trust access, combining user and device validation into a seamless security fabric that eliminates historic access vulnerabilities. This powerful integration delivers the true promise of Zero Trust, giving our customers the confidence to scale their businesses globally with secure, friction-free access for every employee, every time.”

The acquisition underscores the Outpost24’s commitment to advancing its exposure management and identity security capabilities and strengthens its role in delivering end-to-end visibility and control across identities, devices, and the external attack surface.

The post Outpost24 Acquires Infinipoint appeared first on IT Security Guru.

As AI-generated threats continue to rise, more organisations are turning to red teaming to turn the tide. Nothing provides a better understanding of your security posture like letting a red team loose on your environment to simulate a real-world attack. 

Here is a list of some of the top red teaming tools you’ll find in 2026—along with what you’ll need to know to make your choice.  

Cobalt Strike (Fortra)  

Cobalt Strike is one of the most widely used red teaming tools in cybersecurity today. As one engineer noted, “It was the product that changed the industry” as its insights spurred the development of Endpoint Detection and Response (EDR). Now, nearly a decade and a half later, it continues to be the professional’s choice and is estimated to be in use by 60% of red teamers out there.  

Strengths 

• Vetted Exploits: One of Cobalt Strike’s key advantages is its interoperability. By integrating closely with Core Impact, it offers users full access to Core Impact’s library of core certified exploits, which is widely trusted by security experts over potentially risky open-source options.  

• Malleable C2: Traffic can be made to resemble legitimate apps (by altering URLs, headers, payload formatting, etc.), a mature and well-documented technique. 

• Integrated Workflow: Bundles payload generation, post-exploitation features, a team server for collaboration, and a single operator workflow—instead of making teams cobble together separate OSS components. 

• Superior Support: Commercial licensing comes with professional support; vendor maintenance, documentation, and live help. For teams that want compatibility with corporate tooling and predictable updates, this is key.  

• Mature Solution with Repeatable Results: Polished GUIs, established C2 features, team collaboration workflows, and vetted exploits mean repeatable, credible results.  

Limitations 

• Commercial Licensing: Commercial pricing can be high for smaller teams. 

• Legal Considerations: Cobalt Strike can only be used in authorised engagements. 

Watch Now: See Cobalt Strike explained in two minutes: https://www.youtube.com/watch?v=9BUxptcYZCk 

Mythic 

Mythic is an open-source, modular command-and-control (C2) framework perfect for creating customised “agents” across Windows, macOS, and Linux targets.  

Strengths 

• Highly Extensible: New features easily added or modified without an extensive overhaul. Every feature runs as a containerized microservice. 

• Fully Customisable: Used for openness, flexibility, and the ability to research and craft new payloads. 

• Development and Research: Many use Mythic for research, educational, and development purposes as it provides full control and zero licensing costs.  

Limitations 

• Requires Orchestration: Container orchestration, agent configuration, and more administrative effort than commercial tools are required. 

• Steep Learning Curve: Without a “turnkey” setup or a single-vendor installer, operators must be experienced to get Mythic up and running. 

AdaptixC2  

AdaptixC2 is a fairly new open-source red teaming tool that entered the market in January 2025. It offers flexibility, a modular architecture, and works across multiple operating systems. With no licensing costs, it is good for labs and bespoke engagements. 

Strengths 

• Cross-Platform Support: It offers support for Windows, Linux, and macOS agents. 

• “Extenders” and Plug-Ins: Add in additional capabilities like lateral movement, credential harvesting, and custom payloads. 

• Modifiable and Open-Source: Great for emulating bespoke adversaries as it is deeply customisable and easily expanded.  

Limitations 

• Less Mature: Being newer on the market means fewer “out of the box” modules and less battle-tested experience.  

• Less Standardised and Established: Integrating with other red-team ecosystems (toolchains, training, reporting workflows) may require more customisation. 

Sliver 

Developed by Bishop Fox, Sliver is an open-source adversary emulation platform that implants “slivers” (malicious binaries) across many architectures and supports multiple transport options. 

Strengths 

• Staged and Stageless Payloads: Sliver delivers both staged and stageless payloads to launch both larger, immediate-impact attacks and smaller, size-constricted ones. 

• Flexible Transport Options: Offers native support for DNS, HTTP(S), mTLS, WireGuard and custom transports for varied emulation of egress patterns.  

• Dynamic Code Generation: Reduces static detections (when configured properly) with per-binary keys and compile-time options to change fingerprints.  

Limitations 

• No Commercial SLA: Teams need to invest in their own internal support, testing, hardening, and expertise.  

• Payload Size: Some users report the need to reduce forensic artefacts.  

Havoc  

Havoc has rapidly gained traction in the red teaming community as one of the few open-source C2 tools to be designed with operator UX in mind.  

Strengths 

• Fully Customisable: Teams can extend, modify, and audit the framework (again, good for research, education, and custom engagements).  

• Fast Set Up: Documentation, tutorials, and YouTube walk-throughs shorten the learning curve, along with active community engagement. 

• Approachable UX: A GUI-driven framework smooths set up and provides a more polished, modern user experience comparable to commercial-grade tools. 

Limitations 

• Younger Ecosystem: Less battle-tested than older, more established red teaming tools; capabilities may evolve unevenly. 

• Operational Hardening Required: To achieve enterprise-grade OPSEC, internal investment is required: cleaning proxies, testing against EDR/XDR stacks, hardening listeners.   

Outflank Security Tooling (OST)  

Outflank Security Tooling, or OST, is a collection of advanced red teaming tools made “by red teamers, for red teamers.” This broad, evasive toolset emulates real-world attacks by simulating APT techniques, bypassing defences, and providing high-end offensive security. 

Strengths 

• Expert Maintained: OST is continuously updated by the hackers and experts that use it themselves, making it well-suited for mature and sensitive target environments. 

• Full Kill Chain Coverage: Get advanced tools to break the attack chain at any stage. Small teams can punch above their weight with shortcuts for hard stages like EDR evasion, initial access, and OPSEC-safe lateral movement. 

• Unique Industry Advantage: OST features techniques not yet weaponized or even published by other teams, giving organisations a unique advantage over other tools and attackers.  

Limitations 

• Vetted Audience: Because of its powerful capabilities, Outflank Security Tooling is not a tool for the masses. Instead, it is available only to a vetted community of responsible buyers and red team professionals because of its real-world attack potential. 

• OS-Specific Evasion: Evasion techniques are carefully crafted to work with certain operating systems and configurations, just like an attackers’ techniques. This means that an exploit designed for a Windows 11 endpoint may not work on Windows 10. 

Kali Linux 

Maintained by Offensive Security, Kali Linux is a Debian-based Linux construction used for red teaming, pen testing, and digital forensics. Rather than a specialised red teaming tool, it is a complete operating system and toolkit.  

Strengths 

• Preinstalled Security Tools: Kali Linux ships with 600+ preinstalled security tools (from John the Ripper to Burp Suite to Wireshark). 

• Free and Open Source: Users can modify, inspect, and rebuild it. No licensing or usage fees.  

• Open to Integration: Kali Linux serves as the foundation for red teaming tools, integrating with frameworks like Sliver and Havoc (C2 operators) to act as host. 

Limitations 

• Not a C2 Framework: While Kali Linux supports C2 frameworks, it is an environment—not a post-exploitation or C2 platform in its own right. 

• Inconsistent Tool Maturity: Tools can overlap, lead to inefficiencies, or (in the case of older tools) be buggy, outdated, or redundant.  

Matrix Table 

Tool	Overview	Use Case
Cobalt Strike	Commercial, professional-grade red teaming and post-exploitation platform used by ~60% of red teams worldwide.	Professional, repeatable red teaming engagements
Mythic	Open-source, modular C2 framework for research and custom agent creation.	Highly modular, customizable, cross-platform agent dev
AdaptixC2	New (2025) open-source C2 platform emphasizing modularity and cross-platform operation.	Highly modular, customizable, cross-platform agent dev
Sliver (BishopFox)	Open-source adversary emulation framework for red teaming with multi-transport implants (“slivers”).	Open-source research and adversary emulation
Havoc	Open-source GUI-based C2 framework designed for usability and community collaboration.	Modern GUI-driven open C2 alternative
Outflank Security Tooling (OST)	High-end offensive security red teaming toolkit created “by red teaming experts for red teaming experts.”	Advanced APT simulations and evasive tactics for mature, sensitive target environments.
Kali Linux	Debian-based Linux distro for penetration testing, digital forensics, and red teaming; acts as a tool platform.	Training and general-purpose pentesting

 

Conclusion: Commercial vs Open-Source 

Ultimately, the choice between commercial red teaming tools and open-source options depends on where you are willing to sacrifice. 

As SANS notes, “Balance the cost against the potential ROI. Open-source tools…may be cost-effective and community-driven, while commercial tools…often come with a additional capabilities and a curated database. This typically includes the latest threat intelligence, attack vectors, new campaigns and overall support.” 

Whether your organisation is looking for a cost-friendly option or a mature, licensed solution, there is a red teaming vendor that can fit your needs in 2026.  

FAQ:

What is a red team? 

A red team is a group of ethical hackers that play the part of adversaries in simulating a real-world cyberattack for the purpose of testing an organization’s cybersecurity defences. They play a key role in offensive security. 

 

What is the difference between a red team and a blue team? 

A red team attacks; a blue team defends. Though they play opposite roles in red team engagements, all are on the same side: improving the cybersecurity posture of the target organisation.  

This is why teams should prioritise blue team success over red team wins.  

Watch this explainer video for more: https://www.youtube.com/watch?v=E3ZMAipJvao 

 

How is red teaming different from penetration testing?
Pen testing searches for and catalogues vulnerabilities, specifically.  Red teaming leverages advanced and creative ways to breach an organisation, from social engineering to APTs and beyond. It is broader, less predictable, and tests everything from the tool stack to the response capabilities of the blue team.

 

What is the goal of a red team exercise?

The goal of a red team exercise is to uncover ways in which threat actors could leverage internal weaknesses, misconfigurations, and oversights – along with technical exploits and expertise – to access an organisation’s internal network, services, or applications and disrupt operations, exfiltrate data, and otherwise inflict harm.  

 

How do you get legal/ethical approval to run a red team? 

The red team engagement needs to be authorised and approved by the organisation and key stakeholders. Basic steps include: 

• Scope and Justification: Define what you’re testing and why 
• Sign-Off: Approval from legal, risk/compliance, SOC/security, IT/network operations, HR (if phishing), C-Suite sponsor 
• Rules of Engagement (RoE): Defines technical boundaries, allowed techniques, and things like safe words and kill switches. 

 

What kind of tools do red teams use?  

Red teams typically use command-and-control (C2) platforms to run red team engagements. These frameworks can be commercial-grade or open-sourced, and include tools such as: 

• Beacons/Agents/Slivers 

• Adversary Emulation Platforms 

• Exploit Frameworks 

• Lateral-Movement Tools 

• Post-Exploitation Tools (Outflank Security Tooling (OST)) 

• Payload Builders/Obfuscators/Packers 

• Transport and Tunneling Tools 

• Reconnaissance and Scanning Tools (Shodan, theHarvester) 

• Social Engineering and Phishing Toolkits (Social Engineering Toolkit (SET)) 

• Penetration Testing Tools (Core Impact) 

• Network/Application Testing Tools (Wireshark, Burp Suite) 

• Physical Tools (RFID cloners, lock-pick sets) 

• Command Libraries/Scripts/ Automation 

Cobalt Strike was one of the first public red team C2 frameworks and is a favourite in the red teaming community.  

What’s a purple team exercise and should we do one? 

A purple team exercise brings red teams and blue teams together in a collaborative security assessment. The focus is on bringing both skillsets to the table for the purpose of learning, teaching, and improving—not “winning.”  

A purple team mindset recognizes red and blue as the same team – with the ultimate goal of beating attackers – and fosters engagements that act as an open-communication training opportunity.  

The post The Best Red Teaming Tools of 2026: What You Need to Know appeared first on IT Security Guru.

South Korea’s largest online retailer, Coupang, has been rocked by a massive data breach that exposed the personal details of nearly 34 million customers, forcing CEO Park Dae-jun to resign amid mounting scrutiny from regulators and the public.

The breach, one of the most severe in South Korea’s history, reportedly included names, email addresses, phone numbers, and shipping details. While Coupang said that payment and login credentials were not compromised, the scale of the exposure has prompted police raids and a government-led investigation. The company has since apologised and appointed Chief Administrative Officer Harold Rogers as interim CEO while pledging to overhaul its cybersecurity practices.

According to Paul German, CEO at Certes, this incident is emblematic of a much broader trend. “2025 has, unfortunately, been the year of the high-profile data breach. Millions, no, billions, of dollars have been squandered in terms of reputational damage, lost sales and productivity, not to mention judicial penalties. When you factor in the knock-on effects across supply chains and third-party suppliers, the true cost of data exposure becomes staggering.”

German says Coupang’s leadership change underscores a critical lesson for corporate boards everywhere: data protection is no longer just a technical concern but a boardroom responsibility. “The CEO’s resignation is a stark reminder that data protection is not an IT issue, but an executive issue,” he adds. “Ultimately, it is the Board’s duty to ensure the company’s data is protected, wherever it resides. For any CEO, failure to do so risks not just the organisation’s trust, but their own career.”

As Coupang works to regain customer confidence, the company’s turmoil serves as a cautionary tale for global business leaders: in an era where cyber incidents can destroy reputations overnight, executive accountability for data security is non-negotiable.

The post Coupang CEO Resigns Following Major Data Breach Exposing 34 Million Customers appeared first on IT Security Guru.

Sophia McCall is a rising force in cybersecurity and a leading cyber security speaker. She is a cyber security professional who co-founded Security Queens, a platform created to break down barriers in a sector that has struggled with representation. Her work focuses on improving capability, access and visibility for underrepresented groups while helping organisations strengthen their approach to security.

Sophia has built a reputation for combining technical skill with a commitment to inclusion. She challenges outdated perceptions of the industry and shows companies how diverse teams contribute to better decision making and stronger defences. Her advocacy for mentorship has also helped many new entrants navigate a field that can often feel inaccessible. In this exclusive interview with the Cyber Security Speakers Agency, Sophia McCall discusses diversity, mentorship, hidden cyber threats and the cultural changes businesses need to make security truly effective.

Q: In practical terms, how does diversity strengthen a company’s security posture?

Sophia McCall: “So I think diversity brings a perspective of thought to your security teams. I think the more varied thought that you have within your defence teams, you’re less likely to fall into something like group think.

“And the more backgrounds you can bring in, the more different angles and perspectives you can bring in from different people, the better you’re able to kind of try to solve that problem.”

Q: What do you see as the main reasons the cyber security sector still struggles with diversity?

Sophia McCall: “So I think we have quite a big stereotype problem in cyber security, particularly with the news media portraying a hacker as a sweaty teenage boy hiding in a basement in a hoodie.

“We still have this image issue that persists within the industry. I’ve had to previously tell people that I’m not the diversity pick. You know, I’m here because I know what I’m doing. I’m very skilled at what I’m doing.

“But that kind of gatekeeping is quite exhausting, and even though we’re a little bit better, we still have a little bit further to go.

“So that’s why I co-founded Security Queens, a platform where we can welcome diversity and anyone can have that content to be accessible as much as they can.

“And it’s not just about that, but it’s about improving capability, access, and representation within the industry and trying to break down those barriers and toxic norms.”

Q: You speak often about mentorship. Why is it such a crucial part of building a stronger cyber workforce?

Sophia McCall: “So I’m a really big believer in mentorship. I really think it bridges the gap between potential and opportunity. Growing up, it was really nice to have female role models in the cyber security industry.

“Just seeing someone succeed and do well. I think having that form of mentorship is really good for someone that perhaps is a bit nervous or has quite a lot of self-doubt.

“Especially for something like cyber, which everyone thinks, “Oh, it’s really technical, it’s not for me.” There are loads of different career routes that you can go down that don’t mean you have to be a techie as such. And it’s all about passing that knowledge and actually building a community in cyber as well.”

Q: What cyber threats are business owners facing today that often go completely unnoticed?

Sophia McCall: “So I think one of the biggest risks that a lot of companies face is third-party risk. You can make your internal systems as secure as possible, but unfortunately if your suppliers or your supply chain is exposed, that’s definitely a way in for adversaries.

“Another thing that we’ve seen rise in recent years, especially with hybrid working, is things like bring-your-own-device or people working from home. So again, that adds another layer of exposure for companies.

“But also, something that’s particularly forgotten sometimes is insider risk as well. Not necessarily a malicious insider, but perhaps people that are less informed with security practice and clicking on phishing links, falling for scams, that kind of thing, which again leaves organisations exposed.”

Q: From your perspective, what remains the single biggest vulnerability inside most businesses?

Sophia McCall: “So there’s a saying that goes humans are the weakest link, and unfortunately, I think I am a little bit inclined to believe in that. You can invest millions in your firewalls and your defence technologies, but if you do not train your employees and your staff to spot a phishing email or how to spot a scam or a bit of fraud, it’s unfortunately all for nothing.

“So human error is still quite a big cause of major breaches and I’m always a big believer that security training is more of a culture that needs to be embedded in an organisation rather than a chore. So that’s something we can definitely work on, and particularly larger businesses that have those kinds of threats.”

Q: What common employee mistakes continue to put organisations at risk?

Sophia McCall: “So a lot of people think, “Oh, security is not my problem, that’s the IT department or the security team.” And I think one of the biggest things we need to make sure people know is that security is everyone’s responsibility.

“As I previously mentioned, phishing is a really big cause of breaches in many organisations and that’s something that we definitely need to address, but it’s all about empowering your employees with the right knowledge and making sure they are trained and have that awareness.

“And so, things like simulated phishing campaigns, things like that, help bring up that security barrier for them.”

Q: When you speak publicly, what do you most hope audiences carry forward?

Sophia McCall: “So I’m a really big believer in learning and not gatekeeping knowledge. Whenever I deliver a talk, I really want people to feel empowered and curious and wanting to learn more in a way.

“So cyber security isn’t just for the elite technical folks in the room. It is for everyone. Whether I’m speaking at a bank or a school, my goal is to demystify the subject so it can be accessible for everyone, quite exciting almost and actually quite impactful.

“I hope people don’t see diversity as a buzzword but actually as a strength to their team, and that mentorship and inclusion can help that journey and process as well.”

In 2025, Sophia McCall was named amongst the Top 20 Most Inspiring Women in Cyber.

The post Q&A: How Diversity and Mentorship Are Reshaping the Future of Cybersecurity appeared first on IT Security Guru.

A new industry report by KnowBe4 suggests that organisations are facing a sharply escalating human-centred risk landscape as artificial intelligence becomes embedded in everyday work. The State of Human Risk 2025: The New Paradigm of Securing People in the AI Era, based on survey responses from 700 cybersecurity leaders and 3,500 employees who experienced an employee-involved incident in the past year, highlights a 90% surge in incidents linked to the human element.

The findings point to a widening attack surface driven by social engineering, unsafe employee behaviour and simple mistakes. According to the report, 93% of surveyed leaders experienced incidents in which cybercriminals exploited employees directly. Email continues to dominate as the primary battleground, with a 57% rise in email-related incidents and 64% of organisations reporting external attacks delivered through email. Human error remains a major weak point, with 90% of organisations facing incidents caused by employee mistakes, while malicious insiders accounted for issues at 36% of organisations.

Budget pressures are mounting too, as nearly all (97%) of the cybersecurity leaders asked said they need increased investment to strengthen the human-security layer.

AI’s rapid infiltration into workplace tools is introducing a new tier of risk. AI-related security incidents climbed 43% in the past 12 months—the second-largest increase across all channels surveyed. Despite 98% of organisations taking steps to address AI-related threats, security leaders ranked AI-powered attacks as their top concern, with 45% citing the constant evolution of AI-driven threats as their biggest challenge in managing behavioural risk. Deepfake-related incidents are also rising, affecting 32% of organisations.

Tensions around workplace AI use appear to be contributing to emerging “shadow AI” behaviours. While most organisations have implemented AI-risk measures, 56% of employees expressed dissatisfaction with their employer’s approach to AI tools, potentially driving them towards unsanctioned platforms.

The report suggests email will remain the highest-risk channel for several years, but warns that attackers are increasingly shifting to multi-channel campaigns, including messaging apps and voice phishing. The growing use of AI by threat actors to craft convincing, scalable attacks is expected to accelerate this trend.

 Javvad Malik, lead CISO advisor at KnowBe4, said: “The productivity gains from AI are too great to ignore, so the future of work requires seamless collaboration between humans and AI. Employees and AI agents will need to work in harmony, supported by a security programme that proactively manages the risk of both. Human risk management must evolve to cover the AI layer before critical business activity migrates onto unmonitored, high-risk platforms.”

The post Human-Centric Cyber Risks Surge as AI Enters the Workforce, Report Finds appeared first on IT Security Guru.

Black Duck today announced the launch of Black Duck Signal, a new agentic AI platform designed to secure software at the same speed it’s now being developed with AI coding tools.

As AI-driven development accelerates, traditional security testing methods have struggled to keep pace. Black Duck Signal aims to bridge that gap by combining two decades of the company’s software security expertise with large language model (LLM)-powered software analysis to autonomously detect and remediate vulnerabilities across source code, binaries, supply chain components, and running applications.

The rise of AI coding assistants and autonomous agent workflows has transformed how software is built. Still, it has introduced new challenges in ensuring the security of AI-generated code. Signal is purpose-built for this era, working natively within AI-enabled development environments to identify, prioritise, and fix vulnerabilities in real time.

Unlike generic AI tools, Signal blends advanced multi-model LLM technology with human-labeled application security intelligence from the Black Duck KnowledgeBase, a vast repository built over years of analysis of both open-source and commercial software. The result is a system that provides accurate, context-aware insights without the noise, hallucinations, or false positives that often plague automated code analysis.

Signal’s agentic architecture enables both developers and security teams to work more efficiently by integrating directly with AI coding assistants such as Google Gemini, GitHub Copilot, Claude Code, and Cursor, as well as with other Black Duck security products. The platform’s real-time analysis capabilities allow it to scan new and modified code as it’s written, ensuring continuous protection without slowing down the development process.

“AI is revolutionizing how software is built—and with Signal, Black Duck is redefining how you secure it by completely eliminating the noise of legacy tools,” said Jason Schmitt, CEO of Black Duck. “Developers are moving faster than ever, embracing AI to build and deliver software at unprecedented speed. Signal is the first programming language-agnostic security analysis product to combine the power of LLM-based code analysis with petabytes of human-labeled security data curated over our decades of analysing real-world commercial and open-source software. Signal is designed to give developers the clarity, confidence, and control they need to innovate securely—without slowing down.”

In addition to real-time code analysis, Signal automates the remediation process with verified code fixes and library patching, reducing manual effort while maintaining developer control. It also brings advanced exploitability analysis to reduce alert fatigue and focuses attention on the vulnerabilities that matter most. Beyond traditional vulnerability scanning, Signal’s AI-driven detection of business logic flaws gives teams visibility into application-level zero-days that typically evade rule-based systems.

The post Black Duck launches Signal™, bringing agentic AI to application security appeared first on IT Security Guru.

Saviynt has today announced a $700M Series B Growth Equity Financing at a valuation of approximately $3 billion. Funds managed by KKR, a leading global investment firm, led the round with participation from Sixth Street Growth and TenEleven, as well as new funding from existing Series A investor Carrick Capital Partners.

The investment reflects what many in the cybersecurity sector see as an accelerating shift: as organizations deploy generative AI, autonomous agents, and machine-driven workflows, identity security is becoming core infrastructure rather than a back-office compliance function.

AI Spurs a New Identity Crisis

Saviynt’s platform is designed to manage the full spectrum of digital identities now proliferating across enterprises, from employees and contractors to machine workloads, service accounts, certificates, keys, and increasingly AI agents that operate autonomously.

Unlike earlier identity and access management tools built for predictable human usage, modern platforms must govern identities that make real-time decisions and interact continuously across cloud environments and AI ecosystems.

“This is a defining moment for Saviynt and the industry,” said Founder and CEO Sachin Nayyar. “The demand for secure, governed identity has never been greater. Identity has become central to enterprise AI strategies, and this investment gives us the resources to meet that demand globally.”

Saviynt’s unified architecture merges identity governance (IGA), privileged access management (PAM), application access governance (AAG), identity security posture management (ISPM), and access gateways into a single AI-enabled platform designed for cloud-native environments.

KKR Expands Its Cybersecurity Footprint

For KKR, the investment extends a two-decade track record of backing high-growth cybersecurity firms. The firm has previously supported companies such as Darktrace, ReliaQuest, KnowBe4, Ping Identity, ForgeRock, and Semperis.

“Saviynt has built one of the most advanced and comprehensive identity security platforms in the market, purpose-built for the AI era,” said Ben Pederson, Managing Director at KKR. “We look forward to partnering with the team to scale their platform globally and advance their next-generation AI capabilities.”

KKR is investing through its Next Generation Technology Growth Fund III.

Rapid Customer and Platform Growth

Saviynt’s momentum reflects the growing urgency of securing both human and non-human identities. The company now serves more than 600 enterprise customers, including over 20% of Fortune 100 companies.

The company has recently:

• Launched new tools for AI Agent Identity Management and Non-Human Identity Management
• Expanded its PAM and ISPM capabilities
• Added AI-enabled intelligence to automate onboarding, access reviews, and provisioning
• Delivered integrations with AWS, CrowdStrike, Zscaler, Wiz, and Cyera

Funding to Accelerate R&D and Ecosystem Expansion

Saviynt plans to use the capital to accelerate product development, expand AI-based utilities designed to help customers migrate from legacy systems, and deepen integrations with hyperscalers, software vendors, and channel partners.

The company said it also aims to strengthen its global go-to-market efforts as enterprises confront the security challenges introduced by AI-driven operations.

Advisors

Piper Sandler served as Saviynt’s exclusive financial advisor. Cooley LLP advised Saviynt, while Latham & Watkins LLP represented Carrick Capital Partners. Gibson, Dunn & Crutcher LLP advised KKR, and Moelis & Co along with Kirkland & Ellis LLP advised Sixth Street Growth.

The post Saviynt Raises $700M at Approximately $3B Valuation appeared first on IT Security Guru.

Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its behavioural threat protection to safeguard Model Context Protocol (MCP) servers via AWS WAF. The announcements highlight the company’s growing focus on visibility, risk reduction and real-time defence in increasingly complex cloud and AI environments.

On 1 December, Salt launched “Ask Pepper AI”, a natural language interface designed to help security teams instantly query their entire API estate. Built on Amazon Bedrock, the tool allows users to ask plain-English questions (such as “Which of my APIs expose PII?” or “What APIs have the highest Risk Score?”) and receive immediate, actionable insights drawn from Salt’s API Discovery, Posture Governance and Threat Protection capabilities.

With organisations struggling for clarity in sprawling cloud environments, Salt’s H2 2025 State of API Security Report found that only 19% feel “very confident” in the accuracy of their API inventory, while 15% admit they do not know which APIs expose personal data. Salt says “Ask Pepper AI” helps close these gaps by democratising access to critical security information and accelerating both incident response and risk prioritisation.

“API security is complex, but understanding your risk shouldn’t be,” said Michael Nicosia, Co-Founder and COO at Salt Security. “‘Ask Pepper AI’ makes it simple. By using Amazon Bedrock, we’re putting powerful, intuitive security insights into the hands of everyone from SOC analysts to CISOs. When most organisations aren’t even sure what their API inventory looks like, the ability to just ask and get an immediate answer is a game-changer.”

Two days later, Salt announced a second major capability: the extension of its patented API behavioural threat protection to detect and block malicious intent targeting MCP servers. MCP servers allow LLMs and autonomous agents to execute tasks by calling APIs and tools, but their growing usage has outpaced security controls. Often deployed without central oversight and exposed to the internet, they are becoming a new target for attackers seeking access to sensitive data and system functionality.

Building on Salt’s recently released MCP Finder technology, the company now enables organisations to identify misuse or abuse of MCP servers and automatically block threats using AWS WAF, leveraging real-time behavioural intelligence from the Salt platform.

“Most organisations don’t even know how many MCP servers they have, let alone which ones are exposed or being abused,” said Nick Rago, VP of Product Strategy at Salt Security. “This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure.”

By combining MCP discovery with AWS WAF enforcement, customers can block attacks before they impact applications, uncover shadow or unmanaged MCP instances, extend edge protection to the AI action layer, and continuously update defences as attacker tactics change.

The post Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure appeared first on IT Security Guru.

Keeper Security has announced the appointment of Tim Strickland as Chief Revenue Officer (CRO). Strickland will lead Keeper’s global revenue organisation, driving go-to-market strategy, customer growth and channel expansion as demand accelerates globally for modern Privileged Access Management (PAM) and identity security solutions.

Strickland brings more than two decades of executive leadership experience scaling high-performance revenue teams at category-defining SaaS companies. Most recently, he served as Chief Revenue Officer at ZoomInfo, where he guided the company through a successful IPO, built its customer growth and strategic sales functions and oversaw the go-to-market integration of eight acquisitions.

Prior to ZoomInfo, Strickland held senior revenue leadership roles at Marketo, where he played an integral role in the company’s growth, its take-private acquisition by Vista Equity Partners and subsequent sale to Adobe. His responsibilities spanned enterprise sales, account management, customer success and global channel development.

“Tim is joining Keeper at a pivotal moment as organisations around the world confront unprecedented identity-based threats,” said Darren Guccione, CEO and Co-founder of Keeper Security. “He brings the kind of leadership that elevates teams, sharpens focus and accelerates impact. Tim understands the responsibility we have to our customers, and he shares our commitment to building secure, elegant solutions that drive meaningful outcomes. I’m confident he will help propel Keeper into its next chapter of growth while keeping our vision and our customers at the centre of everything we do.”

In his new role, Strickland will oversee Keeper’s global sales, customer success, revenue operations and channel ecosystem, with a focus on expanding market penetration for Keeper’s unified privileged access management platform. KeeperPAM® combines enterprise password management, secrets management, privileged session management, zero-trust network access, endpoint privilege management and remote browser isolation into a single cloud-native solution—designed to meet surging global demand for credential and identity-based threat protection.

“Identity and access security has never been more critical, and Keeper has built a revolutionary cybersecurity platform for organisations,” said Strickland. “The market opportunity is tremendous, and the company’s momentum reflects a deep commitment to innovation and customer value. I’m excited to help scale our impact globally and support customers in strengthening their security posture.”

Strickland also serves as an Advisory Partner with Summit Partners, where he helps high-growth technology companies navigate go-to-market transformation and scale with discipline. As Keeper continues to meet rising global demand for modern privileged access and identity security, Strickland’s leadership will help advance the company’s mission to deliver zero-trust and zero-knowledge solutions that protect the world’s most sensitive data and systems.

The post Keeper Security Appoints New Chief Revenue Officer appeared first on IT Security Guru.

KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive year and acknowledged specifically for its Ability to Execute and Completeness of Vision. 

KnowBe4 Cloud Email Security provides users with:    

• Advanced AI-enabled detection to mitigate the full spectrum of inbound phishing attacks and outbound data loss and exfiltration attempts 

• KnowBe4’s Agentic Detection Engine that leverages sophisticated natural language processing (NLP) and natural language understanding (NLU) models to protect inboxes from advanced phishing, impersonation and account takeover attacks  

• Integration in the KnowBe4 HRM+ platform that uses deep per-user behavioural analytics and threat intelligence to deliver personalized security at the point of risk 

• Continuous behavioural-based training delivered through real-time nudges 

A rise in advanced technology to address sophisticated phishing attacks and behaviour-led outbound data breaches has driven significant innovation in email security. According to the KnowBe4 2025 Phishing Threat Trends Report Vol. Six, there was a 15.2% increase in phishing email volume between March 1st – September 30th, 2025, compared to the previous six months.  

“We are honoured to be recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms,” said Bryan Palma, CEO, KnowBe4. “Email communication remains the primary attack vector for organisations globally. KnowBe4 plays an instrumental role in providing adaptive AI-enabled technology to build a stronger security culture for customers. In our opinion, this positioning validates our strategic vision and relentless focus on human and agent risk management that goes beyond detecting threats to preventing them before they reach employees’ inboxes.” 

This news follows several recent announcements which exemplify the strength of KnowBe4 Cloud Email Security, including the integration of Microsoft Defender O365 and recognition as a Gartner Peer Insights Customer’s Choice for email security platforms.  

Download a copy of the report.  

The post KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security appeared first on IT Security Guru.

For years, the cybersecurity community has fought the scourge of weak, reused passwords. The solution, which was overwhelmingly adopted by both businesses and consumers, was the password manager (PM). These tools moved us from flimsy ‘123456’ credentials to unique, 30-character alphanumeric strings, stored behind a single, powerful master password.

But this elegant centralisation creates a paradox. By consolidating all digital keys into one encrypted vault, have we simply moved the weakness rather than eliminated it? Is this single, powerful key actually the soft underbelly of modern cybersecurity?

The Centrality of Strong Credentials

The necessity of strong and unique passwords cannot be overstated, as they form the bedrock of digital defence. Compromised credentials are the primary vector for data breaches. They affect everything from sensitive work systems and financial applications to personal e-commerce accounts and, increasingly, entertainment platforms. The security stakes are incredibly high across the board. For example, when engaging with entertainment platforms such as online casinos, where sensitive financial details are exchanged, and large sums can be involved, robust password hygiene is a non-negotiable requirement.

The need to protect these accounts dictates that users rely on tools to generate and store complex character strings. When reviewing the offerings for such platforms, resources like those curated by adventuregamers.com often highlight sites that prioritise player security. What’s more, they typically pay attention to strong architectural benefits such as secure payment methods and end-to-end encryption. Such diligent, layered protection is extremely important, yet all of that diligence ultimately hinges on the user’s own diligence in protecting their account with a unique, strong password that they have stored safely.

The Single Point of Failure Paradox

The most significant challenge to password managers is the single point of failure that they represent. If a cybercriminal can acquire the master password for a vault, they gain immediate access to every stored credential: banking, email, social media, and corporate access. This represents a far more lucrative target than breaching a single, isolated account. The risk is compounded by the fact that the most common failure point is not the vault itself. It is actually human error.

The master password, by necessity, must be complex yet memorable enough for the user to type manually. If a user chooses a weak master password or if they fall victim to a targeted keylogger or highly sophisticated phishing attempt, then the entire security framework collapses. While this risk does, of course, exist with any single password, the cascading effect here can be catastrophic. Furthermore, the master password’s security relies entirely on the security of the device it is typed into. If that device is compromised by potent, custom-built malware, then the master password can be intercepted before it ever interacts with the zero-knowledge architecture of the manager itself.

Architectural Defence: Zero-Knowledge Encryption

To counter the single point of failure, reputable password manager services employ sophisticated zero-knowledge architecture. This is the core technical defence that elevates them above simple, local file encryption. In a zero-knowledge system, the encryption and decryption of the vault happen locally on the user’s device and never on the provider’s actual server.

The provider only stores the cryptographically scrambled and salted blob of data. They never hold the master password or the key required to unscramble the vault, meaning that even if the password manager company’s servers are breached, the hackers only obtain a useless piece of encrypted data. They would still need to launch a brute-force attack on a highly salted and iterated hash, and this is an effort that could take centuries with our current computing technology.

This distinction is crucial. The provider cannot hand over your passwords to a government agency, a subpoena, or a hacker because they genuinely do not have access to them. The weakness doesn’t lie in the manager’s architectural security, but in its implementation on the end-user device. A sophisticated, state-sponsored attack on the endpoint device itself, such as a remote access trojan (RAT) or screen-scraping malware, is the only way to bypass this robust, zero-knowledge encryption model.

Beyond the Code: Phishing and Human Error

Ultimately, the password manager’s greatest vulnerability is not its code, but the user experience it requires. The convenience of autofill is a double-edged sword. While it does save time and prevent typographical errors, it can also be easily exploited by malicious sites.

Sophisticated phishing attacks can create near-perfect, convincing login pages that are designed to capture credentials. A well-designed password manager should only autofill a login on a specific, trusted domain, but user confusion or certain browser extensions can sometimes override these safety checks. The user, who is accustomed to the ease of autofill, may not notice the subtly altered URL of a phishing site until it is too late.

The other primary vector is the bypass of multi-factor authentication (MFA). While a PM helps secure the first factor (the password), many high-value accounts protected by PMs are also protected by MFA. However, attackers are increasingly using MFA fatigue attacks or complex adversary-in-the-middle (AiTM) techniques to steal a session token after the user authenticates with both their PM-stored password and their MFA token. This attack targets the session rather than the vault. This proves that a PM is not a complete security solution. Rather, it is a robust tool that must be correctly layered with other security controls, such as hardware security keys and stringent device hygiene.

The post The Vault or the Vulnerability? Why Your Password Manager Might Be the New Cyber Risk appeared first on IT Security Guru.

Modern iGaming security has evolved quickly, and users notice the difference. Stronger protections, more transparent communication, and more innovative tools give people far more confidence than older platforms ever did. At the same time, the number of online poker sites keeps growing, prompting users to seek more explicit guidance and safer options. This mix of better security and higher expectations shapes how people decide where to play—and why modern platforms continue to gain their trust.

Rising Expectations Around User Choice and Platform Safety

A lot of people feel overwhelmed the moment they start comparing different digital entertainment platforms, mainly because everything starts to look the same. You jump from one option to another, and before long, you’re not even sure which features actually matter. That’s usually when people begin looking for more explicit guidance and platforms that communicate safety without making users dig for it.

As platforms compete for attention, they raise their security standards to show they take user protection seriously. People notice stronger authentication, more precise privacy explanations, and better overall transparency. Those small details help them decide faster and feel more confident in their choice, rather than second-guessing every step.

There’s the bonus of feeling at ease since you know what you’re doing business with, taking out the blind step risk, and making it all more deliberate. When users are supported from the get-go, they relax and focus on savoring the experience rather than fretting about hidden snags.

Security Advances Driving Modern iGaming Forward

Modern iGaming platforms invest a chunk in authentication because users are known to give proper attention to it. Forcing a user to feel ‘safer’ with features such as device verification, biometrics, app-based codes, and never just an empty password field. These protections do not signal professionalism; they set expectations. After finally becoming used to ‘stronger’ security, anything ‘less’ feels dated.

On the other hand, real-time monitoring is of tremendous importance at present, as threats change rapidly. Platforms employ behavior-based tools to identify abnormal patterns before they materialize into something substantial. End-users may not realize it is happening in the background, but they surely see the outcomes. Fewer account issues and fewer security pop-ups really smooth the experience and take the stress out of it.

Encryption standards are at a level most people associate with banking or healthcare, and that in itself speaks volumes about the users. When a platform secures data with the same level of seriousness as a financial institution, people respond with greater trust. It turns moments of sensitivity – payments, or identity checks – into simple steps instead of points of anxiety.

Another interesting trend is the transparency that platforms provide. They do not ask users to trust them blindly; instead, they publish summaries of audits, security updates, and system notes. When details are shared, it gives people a sense that the platform is really taking ownership of their safety. This, in turn, lowers the fear of hidden issues and builds a stronger relationship with long-term users.

Why Traditional Apps Struggle to Keep Pace with Modern Threats

Most traditional apps rely on older system structures, which becomes problematic when threats evolve faster than their update cycles. A platform that still relies on legacy permissions or outdated libraries will create lag that end users feel. End users can feel it when an app feels very clunky and not ready to face modern risks; it’s a confidence eroder all by itself.

Many of these older systems also require manual updates, which slows everything down. A security issue that modern platforms patch instantly can sit unresolved in a traditional app until someone schedules the update. Users don’t always see the technical reason behind the delay, but they feel the fallout every time something doesn’t work the way it should.

Another issue comes from rigid permission handling. Older apps often ask for more access than they actually need, which raises red flags for people who care about privacy. Modern platforms take the opposite approach: they request the minimum and explain why. That contrast makes traditional apps look careless, even when they’re not trying to be.

On top of that, traditional apps tend to approach security reactively instead of proactively. They address problems after they happen rather than preparing for them in advance. Users today expect more, especially when digital entertainment platforms keep showing what quick adaptation looks like. Once they realize the difference, it becomes hard to go back to something that feels slower and less reassuring.

Wrap Up

Modern iGaming platforms raise the bar with faster updates, stronger authentication, and a more explicit commitment to user protection. People feel the difference immediately, especially when they have guidance that helps them make confident choices. As security continues to improve and new tools become standard, users can expect a safer, more transparent experience every time they play online.

The post Do Modern iGaming Platforms Offer Better Cyber Protections Than Traditional Apps? appeared first on IT Security Guru.

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers.

Unlike many other APT groups, Librarian Ghouls does not rely on custom malware. Instead, they exploit legitimate third-party tools such as remote access software, archivers and SMTP utilities to craft near-perfect phishing campaigns, including password-protected files and polymorphic malware that adapts in real time. These tactics allow the attackers to slip past traditional detection controls almost unnoticed.

This incident is part of a broader and growing challenge when cybersecurity tools operate in silos, attackers exploit the gaps between them. Endpoint detection and response (EDR), firewalls, and authentication systems each play an important role, but without integration, they offer only partial visibility.

An EDR solution, for example, may overlook legitimate administrative tools if they do not exhibit overtly malicious behaviour. A firewall will flag anomalous outbound connections but often lacks the context to determine the originating user or endpoint. Authentication logs may capture a series of valid logins without recognising a lateral movement pattern.

The lesson from this is clear – integrated visibility across security layers is critical. Correlating signals from multiple tools is essential to detect complex, multi-stage attacks that no single solution can fully uncover on its own. Without this unified perspective, organisations risk missing the bigger picture until it’s too late.

With multiple security solutions generating alerts, many organisations operate with a false sense of security. Without integration, security is fragmented, leaving gaps for sophisticated attacks to exploit, sometimes for weeks or months.

 

How to protect against threats that evade detection

Organisations need a unified view of their environment and the ability to respond in real time. This is where Managed Detection and Response (MDR) come in. MDR combines advanced threat detection, analytics and human expertise to monitor, investigate, and respond to threats 24/7. Unlike traditional tools working in isolation, MDR correlates signals across endpoints, networks, cloud environments, and identity systems, enabling faster and more accurate detection of suspicious activity.

A strategic MDR approach gives organisations the ability to detect and respond to threats with a level of speed and accuracy that isolated tools cannot match. Firewalls might block unusual connections and EDRs may spot anomalous behaviour but when these signals operate independently, critical patterns can be missed. MDR leverages AI and automation to connect these disparate alerts, allowing real threats to be identified enabling the identification of real threats within minutes. It is effective even when attackers deliberately blend their activity with normal operations.

Once a genuine threat is detected, the speed of response is essential. By providing a unified view across network, endpoint and identity layers, MDR accelerates investigations, reduces operational disruption and helps maintain business continuity while protecting an organisation’s reputation. At the same time, AI-driven correlation filters out noise and false positives, highlighting only the most relevant alerts and providing the context security teams need to act decisively. This focus is particularly valuable in resource-constrained environments, where every second counts and alert fatigue can undermine effectiveness.

The Librarian Ghouls’ breach demonstrated that attackers could circumvent defences when solutions are uncoordinated. It’s like trying to find a needle in a haystack. MDR addresses this challenge by correlating disparate signals, filtering false positives and providing a unified view of infrastructure. By doing this, it amplifies the value of each security layer. EDRs gain the context to identify anomalies, firewalls better interpret network connections and identity systems more accurately flag suspicious access.

The post What your firewall sees that your EDR doesn’t appeared first on IT Security Guru.