
How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers

2 December 2025 at 12:34

As we look at the remainder of 2025 and beyond, the pace and sophistication of cyber attacks targeting the financial sector show no signs of slowing. In fact, based on research from Check Point’s Q2 Ransomware Report, the financial cybersecurity threat landscape is only intensifying. Gone are the days when the average hacker was a..

The post How Financial Institutions Can Future-Proof Their Security Against a New Breed of Cyber Attackers appeared first on Security Boulevard.

The Trust Crisis: Why Digital Services Are Losing Consumer Confidence

26 November 2025 at 12:45

According to the Thales Consumer Digital Trust Index 2025, global confidence in digital services is slipping fast. After surveying more than 14,000 consumers across 15 countries, the findings are clear: no sector earned high trust ratings from even half its users. Most industries are seeing trust erode — or, at best, stagnate. In an era..

The post The Trust Crisis: Why Digital Services Are Losing Consumer Confidence appeared first on Security Boulevard.

“Telecom security reboot”: Why telcos must drop the old perimeter and redesign around zero trust

25 November 2025 at 21:56

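Telecom networks are now everywhere. From managing data to running businesses to connecting people across continents, they have become the foundation that keeps the world moving. For a long time, security in this field was relatively simple: build a wall, keep threats outside, and trust everything inside. When networks were closed and locked down, that approach was enough.

But that era is over. Workloads now spread across hybrid clouds, edge devices are multiplying explosively, and countless third-party solution vendors connect to the telecom network. The old concept of a perimeter has effectively disappeared.

That is why zero trust has become necessary. It is not merely the latest buzzword; it has become an essential tool for survival. The catch is that many companies mistake zero trust for something like a product they can buy and deploy. Zero trust does not work that way.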

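The misconception holding telecom back

Look across the telecom industry and the term zero trust comes up everywhere: in boardrooms, strategy documents, and vendor presentations. Along the way, much of its original meaning has been diluted. Many executives regard zero trust as one line on a regulatory compliance checklist, or as just another software deployment project.

The reality is far harsher. Zero trust is a mindset: a shift in perspective from making assumptions to verifying constantly. Only when this mindset permeates the organizational culture does security move beyond being ‘something that has to be done’ and become the way the organization actually operates. Most telcos, however, have not yet made this shift. They rely on a surface appearance of safety, and attackers exploit that gap with precision.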

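IT and OT: where damage crosses over

Most attacks targeting OT (operational technology) environments today start in the IT environment. Once an attacker steals an administrator account or finds a weak interface, they can move straight to core equipment such as network devices or base station controllers.

The way to close the gap between IT and OT is not to redraw the org chart. It is to see everything at a glance and govern it with a single set of rules. Access policies must be shared, patch priorities clearly set, and threat detection unified. Only when these elements work together is zero trust realized as a practical security model.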

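The real enemy: persistence and patience

Telecom operators no longer face only individual hackers or ransomware gangs. The biggest threat today is persistent attack groups with ample funding and staff. These are state-level attack organizations that lie hidden, out of sight. Attacks such as Salt Typhoon showed that these groups can stay inside a telecom network for months, exfiltrating sensitive data, and that the result can translate into real geopolitical risk.

The US Cybersecurity and Infrastructure Security Agency (CISA) has officially warned of the danger posed by China-linked groups, including Volt Typhoon, in connection with intrusions into telecom operators worldwide since 2021.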

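How to build trust where none exists

Zero trust is not a simple technology upgrade but a matter of habit. Three habits in particular are key: always verify, grant only as much privilege as needed, and stop problems from spreading.

  • Always verify. The login step is not the end of verification. For people, devices, and systems alike, keep watching where they connect from, what they are doing, and whether anything differs from the norm.
  • Grant least privilege. The fewer privileges a person or system can hold, the smaller the scope of damage when something goes wrong. Tightening privileges alone can greatly reduce risk without any flashy new tool.
  • Segment the network. This is about blocking the spread of problems. Build a micro-segmented structure that divides the network into small, isolated zones. In a network separated this way, damage can be minimized even when a breach occurs.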

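Legacy technology, the presence that is hard to ignore

Frankly, legacy infrastructure is not going away. Network hardware built decades ago still holds up the telecom network today. That equipment was designed on the premise of 24-hour operation and automatic internal trust. Replacing everything with new equipment is risky and enormously expensive. The option of leaving it as it is is just a little more dangerous.

The realistic solution is to wrap existing systems in a modern ‘security shell’: layering on security gateways, centralized authentication, and session monitoring. Adding these layers raises the security level right now, without the risk of service disruption that large-scale replacement brings.

The goal of zero trust is not to chase a perfect ideal. It is a process of raising the overall security level one step at a time. With every connection verified and every workload isolated, one at a time, the network becomes a little sturdier.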

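Practical compliance across borders

Zero trust is not a concept that ignores existing compliance rules. It is a strategy built on top of them. Whether the applicable regulation is ISO 27001, the US National Institute of Standards and Technology's Cybersecurity Framework (NIST Cybersecurity Framework), the European Union's NIS2 Directive (EU NIS2 Directive), or national telecom regulations, the core is the same: keep assessing risk, control who gets in, and prove the state of management.

Build the zero trust perspective into these frameworks and compliance stops being a headache. It becomes part of everyday security activity rather than a matter of simply meeting requirements. As the threat landscape changes, the protection scheme changes with it. Wherever the network is located, it can stay sufficiently prepared for inspection.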

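A transition with visible results: 6 KPIs to check in the first 180 days

Executives want evidence, not vague promises. These are the indicators to actually look at during the first six months after adopting zero trust.

  • The number of high-privilege accounts left in place beyond what is needed goes down.
  • Anomalies are caught faster.
  • Access approval procedures are not delayed, and governance moves at the speed of the business.
  • More endpoints and workloads are brought under monitoring.
  • Intrusion activity moving stealthily inside the network decreases.
  • IT and OT teams actually carry out joint response exercises.

These indicators are not vanity numbers. They are evidence that zero trust has moved beyond a buzzword and is actually working. They form the basis for continuing to refine the strategy afterwards.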

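From buzzword to basic principle

Zero trust is no longer just talk. It has become the standard by which network security is evaluated. In the telecom industry, adopting zero trust is not image management but a survival strategy.

Market research firm Gartner forecasts that by 2027, 70% of enterprises will start their security strategy from a zero trust perspective. The current figure is below 20%.

Clinging to the old perimeter defense amounts to fighting the last war. Leading operators are embracing zero trust as a journey. These companies are steadily building the telecom networks that everyone will come to depend on.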

Why trust is the new currency in the agentic era — and what it’s worth

25 November 2025 at 11:22

The World Economic Forum calls trust “the new currency” in the agentic AI era and that’s not just a metaphor: An increase of 10 percentage points in trust directly translates to 0.5% GDP growth. But here’s what makes trust as a currency fundamentally different from any that’s come before: you can’t borrow it, you can’t buy it and you can’t simply mint more.

When it comes to AI, trust used to mean one thing — accuracy. Does the model predict correctly? Then we started asking harder questions about bias, transparency and whether we could explain the AI’s reasoning. Agentic AI changes the equation entirely. When a system doesn’t just analyze or recommend, but actually takes action, trust shifts from “Do I believe this answer?” to “Am I still in full control of what this system does?”

In the agentic era, trust must evolve from ensuring accurate results to building systems that can ensure continuous control and reliability of AI agents. As a result, trust is now the foundational architecture that separates organizations capable of deploying autonomous agents from those perpetually managing the consequences of systems they cannot safely control. My question for enterprise leaders is: Are you building that infrastructure now, or will you spend the next several years explaining why you didn’t?

The growing trust deficit

The numbers tell a story of eroding confidence at precisely the moment when trust matters most. According to Stanford University’s Institute for Human-Centered Artificial Intelligence, globally, as AI-related incidents surged 56.4%, confidence that AI companies protect personal data fell from 50% in 2023 to 47% in 2024.

This isn’t just a perception problem. One out of six enterprise security breaches now involves AI, yet 97% of affected companies lacked proper access controls. By 2028, Gartner estimates a quarter of enterprise breaches will trace to AI agent abuse.

Here’s the paradox: while 79% of companies have already adopted AI agents and another 15% are exploring possibilities, according to PwC, most companies have no AI-specific controls in place. In short, as companies rush to adopt agentic AI, we’re witnessing a fundamental readiness gap between vulnerabilities and defenses. Trust is eroding faster than companies can catch up.

The economics of trust infrastructure

Ironically, AI will also be your best defense, whether it’s against AI-amplified attacks by external parties or against AI agents behaving maliciously. An IBM report found that “organizations using AI and automation extensively throughout their security operations saved an average $1.9 million in breach costs and reduced the breach lifecycle by an average of 80 days.” Leveraging AI to enhance security delivers both monetary and efficiency ROI, with breaches solved an average of 80 days faster than non-automated operations. That’s not hypothetical risk management but measurable competitive advantage, especially because it enables use cases that competitors can’t risk deploying.

Traditional security was built on static trust: verify identity at the gate, then assume good behavior inside the walls. Agentic AI demands we go further. Unlike traditional applications, AI agents adapt autonomously, modify their own behavior and operate at machine speed across enterprise systems; this means yesterday’s trusted agent could potentially be today’s compromised threat that immediately reverts to normal behavior to evade detection.

Trust cannot be established and maintained just at the perimeter; our focus must shift to inside the walls as well. Securing these dynamic actors requires treating them less like software and more like a workforce, with continuous identity verification, behavioral monitoring and adaptive governance frameworks.

Successful trust architecture rests on three foundational pillars, each addressing distinct operational requirements while integrating into a cohesive security posture.

Pillar 1: Verifiable identity

Every AI agent requires cryptographic identity verification comparable to employee credentials. Industry leaders recognize this imperative: Microsoft developed Entra Agent ID for agent authentication, while Okta’s acquisition of Axiom and Palo Alto Networks’ $25 billion CyberArk purchase signal market recognition that agent identity management is critical.

Organizations must register agents in configuration management databases with the same rigor applied to employee vetting and physical infrastructure, establishing clear accountability for every autonomous actor operating within enterprise boundaries.

Pillar 2: Comprehensive visibility and continuous monitoring

Traditional security tools monitor network perimeters and user behavior but lack mechanisms to detect anomalous agent activity. Effective trust infrastructure requires purpose-built observability platforms capable of tracking API call patterns, execution frequencies and behavioral deviations in real time.

Gartner predicts guardian agents, which are AI systems specifically designed to monitor other AI systems, will capture 10% to 15% of the agentic AI market by 2030, underscoring the necessity of layered oversight mechanisms.

Pillar 3: Governance as executable architecture

Effective governance transforms policies from static documents into executable specifications that define autonomy boundaries, such as which actions agents can execute independently, which operations require human approval and which capabilities remain permanently restricted. Organizations with mature responsible AI frameworks achieve 42% efficiency gains, according to McKinsey, demonstrating that governance enables innovation rather than constraining it — provided the governance operates as an architectural principle rather than a compliance afterthought.

Research from ServiceNow and Oxford Economics’ AI Maturity Index reveals that pacesetter organizations that are achieving measurable AI benefits have established cross-functional governance councils with genuine executive authority, not technical committees relegated to advisory roles.

In sum, trust infrastructure isn’t defensive. It’s the prerequisite for deploying AI agents in high-value workflows where competitive advantage actually resides, separating organizations capable of strategic deployment from those perpetually constrained by risks they cannot adequately manage.

The 2027 divide

Gartner predicts 40% of agentic AI projects will be canceled by 2027, citing inadequate risk controls as a main factor. By then, there will be a clear divide between organizations that can safely deploy ambitious agentic use cases and those that cannot afford to. The former will have built trust as infrastructure; the latter will be retrofitting security onto systems already deployed and discovering problems through costly incidents.

Trust can’t be borrowed from consultants or bought from vendors. Unlike traditional currencies that flow freely, trust in the age of agentic AI must be earned through verifiable governance, transparent operations and systems designed with security as a core principle, not an afterthought. As the gap between those who have it and those who don’t widens, the architectural decisions you make today will determine which side of the divide you’re on.

This article is published as part of the Foundry Expert Contributor Network.

This Week in Security: Cloudflare Wasn’t DNS, BADAUDIO, and Not a Vuln

21 November 2025 at 10:00

You may have noticed that large pieces of the Internet were down on Tuesday. It was a problem at Cloudflare, and for once, it wasn’t DNS. This time it was database management, combined with a safety limit that failed unsafe when exceeded.

Cloudflare’s blog post on the matter has the gritty details. It started with an update to how Cloudflare’s ClickHouse distributed database was responding to queries. A query of system columns was previously only returning data from the default database. As a part of related work, that system was changed so that this query now returned all the databases the given user had access to. In retrospect it seems obvious that this could cause problems, but it wasn’t predicted to cause problems. The result was that a database query to look up bot-management features returned the same features multiple times.

That featurelist is used to feed the Cloudflare bot classification system. That system uses some AI smarts, and runs in the core proxy system. There are actually two versions of the core proxy, and they behaved a bit differently when the featurelist exceeded the 200 item limit. When the older version failed, it classified all traffic as a bot. The real trouble was the newer Rust code. That version of the core proxy threw an error in response, leading to 5XX HTTP errors, and the Internet-wide fallout.
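The failure mode above, a size limit whose violation takes the service down, is avoided when a new list is validated before it replaces the one in use. The following is an added example, not Cloudflare's code or its actual fix; the row shape, the de-duplication step and every name in it are assumptions, and the sample rows are constructed.

```python
from dataclasses import dataclass, field

MAX_FEATURES = 200  # the item limit quoted in the article


class FeatureListError(ValueError):
    """A candidate feature list failed validation."""


def build_feature_list(rows, limit=MAX_FEATURES):
    """Turn query rows into an ordered list of distinct feature names.

    Duplicates (one copy of each feature per visible database, as in the
    incident described above) are collapsed first, so the limit is applied
    to distinct features rather than to raw row count.
    """
    names = {}
    for row in rows:
        name = row.get("name")
        if not isinstance(name, str) or not name:
            raise FeatureListError(f"row without a usable name: {row!r}")
        names.setdefault(name, None)  # dict keeps first-seen order
    if len(names) > limit:
        raise FeatureListError(
            f"{len(names)} distinct features exceeds the limit of {limit}")
    return list(names)


@dataclass
class FeatureStore:
    """Serves the active list and swaps it only for a validated candidate."""
    active: list = field(default_factory=list)
    rejected: list = field(default_factory=list)  # reasons, to feed alerting

    def reload(self, rows):
        """Return True if the candidate was activated.

        On any validation failure the last-known-good list stays active and
        the reason is recorded, instead of raising into the request path.
        """
        try:
            candidate = build_feature_list(rows)
        except FeatureListError as exc:
            self.rejected.append(str(exc))
            return False
        self.active = candidate
        return True


def constructed_rows(n_features, databases):
    """Constructed sample input: one row per (database, feature) pair."""
    return [{"database": db, "name": f"feature_{i:03d}"}
            for db in databases for i in range(n_features)]


if __name__ == "__main__":
    store = FeatureStore()
    print(store.reload(constructed_rows(150, ["default"])), len(store.active))
    # Same features now visible through three databases: 450 rows, 150 names.
    print(store.reload(constructed_rows(150, ["default", "r0", "r1"])),
          len(store.active))
    # A genuinely oversized list is refused; the previous list keeps serving.
    print(store.reload(constructed_rows(250, ["default"])), len(store.active))
    print(store.rejected)
```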

Dangling Azure

There’s a weird pitfall with cloud storage when a storage name is used and then abandoned. It’s very much like what happens when a domain name is used and then allowed to expire: Someone else can come along and register it. Microsoft Azure has its own variation on this, in the form of Azure blob storage. And the folks at Eye Security’s research team found one of these floating blobs in an unexpected place: In Microsoft’s own Update Health Service.

The 1.0 version of this tool was indeed exploitable. A simple payload hosted on one of these claimed blob endpoints could trigger an explorer.exe execution with an arbitrary parameter, meaning trivial code execution. The 1.1 version of the Update Health Service isn’t vulnerable by default, requiring a registry change before reaching out to the vulnerable blob locations. That said, there are thousands of machines looking to these endpoints that would be vulnerable to takeover. After the problem was reported, Microsoft took over the blob names to prevent any future misuse.

BADAUDIO

There’s a new malware strain from APT24, going by the name BADAUDIO. Though “new” is a bit of a misnomer here, as the first signs of this particular malware were seen back in 2022. What is new is that Google Threat Intelligence is reporting on it. The campaign uses multiple techniques, from compromising existing websites to serve the malware in “watering hole” attacks, to spam and spearphishing.

Notable here is how obfuscated the BADAUDIO malware loader is, using control flow flattening to resist analysis. First consider how good code uses functions to group code into logical blocks. This technique does the opposite, putting code into blocks randomly. The primary mechanism for execution is DLL sideloading, where a legitimate application is run with a malicious DLL in its search path, again primarily to avoid detection. It’s an extraordinarily sneaky bit of malware.

Don’t Leave The Defaults

There’s an RCE (Remote Code Execution) in the W3 Total Cache WordPress plugin. The vulnerability is an eval() that can be reached by putting code in a page to be cached. So if a WordPress site allows untrusted comments, and has caching enabled, there’s just one more hurdle to clear. And that is the W3TC_DYNAMIC_SECURITY value, which seems to be intended to stave off exactly this sort of weakness. So here’s the lesson: don’t leave this sort of security feature at its default.

Not a Vulnerability

We have a trio of stories that aren’t technically vulnerabilities. The first two are in the mPDF library, which takes HTML code and generates PDFs — great for packaging documentation. The first item of interest in mPDF is the handling of @import CSS rules. Interestingly, these statements seem to be evaluated even outside of valid CSS, and are handled by passing the URL off to curl to actually fetch the remote content. Those URLs must end in .css, but there’s no checking whether that is in a parameter or not. So evil.org/?.css is totally valid. The use of curl is interesting for another reason: the Gopher protocol allows for essentially unrestricted TCP connections.

The next quirk in mPDF is in how .svg files are handled. Specifically, how an image xlink inside an svg behaves, when it uses the phar:// or php:// prefixes. These are PHP Archive links, or a raw php link, and the mPDF codebase already guards against such shenanigans, matching links starting with either prefix. The problem here is that there’s path mangling that happens after that guard code. To skip straight to the punchline, :/phar:// and :/php:// will bypass that filter, and potentially run code or leak information.

Now the big question: Why are neither of those vulnerabilities? Even when one is a bypass for a CVE fix from 2019? Because mPDF is only to be used with sanitized input, and does not do that sanitization as part of its processing. And that does check out. It’s probably the majority of tools and libraries that will do something malicious if fed malicious input.
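Since mPDF expects its caller to sanitize, here is what a caller-side check for the two quirks above can look like, as an added example that is not mPDF's code and not from the original article. The `weak_*` functions model the behaviour as the article describes it (a suffix test on the whole URL, and a prefix blocklist applied before a later clean-up step, for which `stand_in_mangle` is a constructed stand-in); `strict_check` and the host names are assumptions.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = frozenset({"http", "https"})
BLOCKED_PREFIXES = ("phar://", "php://")  # the two prefixes named in the article


def stand_in_mangle(ref):
    """Constructed stand-in for clean-up that runs after a guard (assumption)."""
    return ref.lstrip(":/")


def weak_css_ok(url):
    """Suffix test on the whole URL string, query included."""
    return url.lower().endswith(".css")


def weak_image_target(ref):
    """Blocklist first, clean-up second.

    Returns the reference that would be opened, or None if the guard
    rejected it. The guard never sees the cleaned-up value.
    """
    if ref.lower().startswith(BLOCKED_PREFIXES):
        return None
    return stand_in_mangle(ref)


def strict_check(raw, required_suffix=None):
    """Allowlist check on the parsed URL. Returns (ok, reason).

    Anything that does not parse to an allowed scheme with a host is
    refused, so later clean-up has nothing to turn into a wrapper, and the
    suffix is tested on the path component only.
    """
    if any(ch.isspace() or ord(ch) < 0x20 for ch in raw):
        return False, "whitespace or control character"
    try:
        parts = urlsplit(raw)
        host = parts.hostname
    except ValueError as exc:
        return False, f"unparseable: {exc}"
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"
    if required_suffix and not parts.path.lower().endswith(required_suffix):
        return False, f"path does not end in {required_suffix}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed inputs modelled on the strings quoted in the article.
    for url in ("https://cdn.example/site.css",
                "https://attacker.example/?.css",
                "gopher://internal.example/x.css"):
        print(url, weak_css_ok(url), strict_check(url, ".css"))
    for ref in ("phar://upload/a.jpg", ":/phar://upload/a.jpg"):
        print(ref, weak_image_target(ref), strict_check(ref))
```

The same check has to be repeated on every redirect target, or redirects disabled in the fetcher, since a client that follows redirects can end up on a scheme or host the first URL never showed.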

There’s one more “vulnerable” library, esbuild, that has an XSS (Cross Site Scripting) potential. It comes down to the use of escapeForHTML(), and the fact that function doesn’t sanitize quotation marks. Feed that malicious text, and the unescaped quotation mark allows for plenty of havoc. So why isn’t this one a vulnerability? Because the text strings getting parsed are folder names. And if you can upload an arbitrary folder to the server where esbuild runs, you already have plenty of other ways to run code.

Bits and Bytes

There’s another Fortinet bug being exploited in the wild, though this one was patched with FortiWeb 8.0.2. This one gets the WatchTowr treatment. It’s a path traversal that bypasses any real authentication. There are a couple of validation checks that are straightforward to meet, and then the cgi_process() API can be manipulated as any user without authentication. Ouch.

The Lite XL text editor seems pretty nifty, running on Windows, Linux, and macOS, and supporting Lua plugins for extensibility. That Lua code support was quite a problem, as opening a project would automatically run the .lua configuration files, allowing direct use of os.execute(). Open a malicious project, run malicious code.

And finally, sometimes it’s the easy approach that works the best. [Eaton] discovered a Cracker Barrel administrative panel built in React JS, and all it took to bypass authentication was to set isAuthenticated = true in the local browser. [Eaton] started a disclosure process, and noticed the bug had already been fixed, apparently discovered independently.

Dogfooding is usually a good thing: That’s when a company uses their own code internally. It’s not so great when it’s a cloud company, and that code has problems. Oracle had this exact problem, running the Oracle Identity Governance Suite. It had a few authentication bypasses, like the presence of ?WSDL or ;.wadl at the end of a URL. Ah, Java is magical.

Merging zero trust with digital twins: The next frontier in government cyber resilience

12 November 2025 at 16:22

Cyber adversaries aren’t standing still, and our defenses can’t either. In an environment where government networks face relentless, increasingly sophisticated attacks, it’s evident that perimeter-based security models belong in the past. A zero trust framework redefines the approach: Every user, device, and connection is treated as unverified until proven otherwise, or “trust but verify.” By assuming breach, zero trust delivers what today’s government missions demand: speed, resilience and the ability to contain damage before it spreads.

To truly operationalize zero trust, agencies must look beyond theory and embrace emerging technologies. Many federal organizations are already turning to artificial intelligence and digital twins to get there. A digital twin — a software-based replica of a real-world network — creates an invaluable proving ground. Rather than waiting for an adversary to strike live systems, agencies can safely simulate cyberattacks, test and refine policies, and validate updates before deployment. In my view, this marks a fundamental shift: Digital twins aren’t just a tool, they represent the future of proactive cyber defense, where learning, adaptation and resilience happen before a crisis, not after.

This approach doesn’t just strengthen agency defenses; it also streamlines operations. Instead of maintaining expensive, outdated physical labs, agencies can rely on digital twins to keep pace with evolving cyber threats. Most recently, a large government agency demonstrated the power of this approach by overcoming years of technical debt, rapidly reconfiguring critical systems, and building a testing environment that delivered greater speed, precision and efficiency that advanced their mission and operational goals.

Strategies for anticipating compromise while ensuring operational resilience

Digital twins offer significant potential for enhancing cybersecurity, yet their widespread adoption remains nascent due to several challenges, including budget constraints and agency inertia. Agencies can reference established frameworks, such as the National Institute of Standards and Technology SP 800-207 and the Cybersecurity and Infrastructure Security Agency Zero Trust Maturity Model, to guide their zero trust journeys. However, with various legacy systems, cloud services and devices, agencies require zero trust capabilities for their specific needs. The core challenge for government then becomes how to proactively implement effective zero trust strategies that anticipate compromises while ensuring continued operations.

To address these challenges and effectively implement zero trust, here are key actions for agency leaders to consider that include people, process and tools:

  • People

Embrace change management

Zero trust implementation is as much about people and process as it is about technology. To foster cross-team buy-in, agencies must clearly articulate the “why” behind zero trust. Instead of just a technical mandate, zero trust should be framed as a strategy to improve security and efficiency. This involves creating a shared understanding of the framework’s benefits and how it impacts each team member.

Quantify and communicate value

Measuring the ROI of zero trust is complex, as preventing incidents yields invisible benefits. How will you define success: reduced risk, faster compliance, operational consistency? Agencies should set milestones for measuring security posture improvements and regulatory progress while recognizing the limitations of conventional ROI calculations.

  • Process

Adopt zero trust as a damage-limitation strategy

Rather than asking, “How do we stop every breach?” agencies should take steps to shift from prevention-only thinking to dynamic containment and defense, such as:

  • Developing an incident response plan that outlines roles, responsibilities and communication protocols for cyberattack stages.
  • Conducting regular tabletop exercises and simulations to test the plan’s effectiveness and find improvement areas.
  • Automating security workflows to accelerate response times and reduce human error.

Be thorough with zero trust planning

According to public sector best practices, projects with 90% planning and 10% execution are far more likely to succeed. Agency technology and information leaders should take an active role in driving zero trust transformation, ensuring comprehensive planning, stakeholder engagement, and organizational buy-in are prioritized from the outset.

  • Tools

Leverage digital twins

Agencies are turning to emerging technology, including AI and digital twins, to keep pace with threat actors. Government IT and SecOps teams can deploy digital twins to simulate attacks, validate controls and reduce costly physical testing environments. Digital twins should also be considered a safe space for agencies to experiment, identify vulnerabilities, and optimize policies before deployment — an invaluable asset for agencies navigating mixed legacy and cloud ecosystems. Moreover, model-based systems engineering and agile approaches, paired with digital twins, can empower agencies to “rehearse” security incidents and fine-tune architectures.

Tackle tool sprawl using informed consolidation

The sheer volume of disparate vendors and tools can undermine even the best zero trust architecture. Utilizing digital twins to map and simulate your IT environment allows for thoughtful consolidation without sacrificing security or compliance. Lastly, agencies should identify where they are duplicating capabilities and envision a streamlined, mission-focused toolset.

Accelerating zero trust at scale

To address the pace and complexity of future threats, government agencies must act boldly by embracing zero trust not only as a framework but also as a fundamental mindset for continual adaptation and resilience.

By harnessing the power of technologies like AI and digital twins, modernizing planning and response strategies, and committing to cross-team collaboration, agencies can outmaneuver adversaries and protect their most critical missions.

The path forward is clear: Operational resilience is achieved by investing today in future-ready strategies that anticipate compromise, ensure continuity and empower every stakeholder to play a proactive role in defense.

 

 

John Fair is vice president of Air Force sales and account management at Akima.

The post Merging zero trust with digital twins: The next frontier in government cyber resilience first appeared on Federal News Network.


Btrust Names Bitcoin Core Contributor Abubakar Nur Khalil as New CEO

3 November 2025 at 14:00


Bitcoin development nonprofit Btrust has named Nigerian Bitcoin Core contributor Abubakar Nur Khalil as its new chief executive officer, the organization announced today. 

Khalil had previously served as interim CEO while sitting on the board as a non-voting member. Khalil will step down from his board position and report directly to the organization’s directors in the full-time role. 

His three-year term is renewable once.

Founded to support open-source Bitcoin development in the Global South, Btrust has expanded its footprint across Africa, Latin America, and India over the past year. The non-profit received initial funding from Jay-Z and Jack Dorsey.

During his interim leadership, the group increased partnerships with organizations including Bitshala, Vinteum and 2140, and reported record grant distribution. 

Since mid-2024, Btrust says it has issued more than $1.7 million in funding, with over half going directly to developers.

Khalil co-founded Btrust Builders, an initiative focused on growing the open-source developer pipeline in emerging markets. He is recognized as a prominent advocate for Bitcoin development in Africa.

“I’m honored to have led Btrust as interim CEO over the past year,” Khalil said in a statement, adding that he aims to strengthen the organization’s systems and scale its impact in 2026 and beyond. “Ensuring that Bitcoin continues to be a money that works for everyone worldwide.”

Board member Obi Nwosu said Khalil is well-positioned to guide Btrust through its next phase as it builds out long-term programs and developer support infrastructure. 

The organization said continuity will be a major focus as it transitions from early-stage growth to broader execution.

Btrust’s board launched the CEO search in July, citing the need for dedicated leadership as its programming expands globally. The organization said the appointment marks “a meaningful next chapter” in its mission to strengthen decentralized Bitcoin development.

Abubakar Nur Khalil will also be speaking at Bitcoin MENA, happening December 8–9, 2025, at the ADNEC Center in Abu Dhabi.

"BITCOIN IS MONEY." ✊

We're thrilled to announce Btrust CEO, Abubakar Nur Khalil, to speak at Bitcoin MENA! pic.twitter.com/1ozbQyNBoK

— Bitcoin MENA Conference (@bitcoinmenaconf) October 30, 2025

This post Btrust Names Bitcoin Core Contributor Abubakar Nur Khalil as New CEO first appeared on Bitcoin Magazine and is written by Micah Zimmerman.

Innovator Spotlight: Seraphic

By: Gary
8 September 2025 at 17:26

Reinventing Browser Security for the Enterprise The Browser: Enterprise’s Biggest Blind Spot On any given day, the humble web browser is where business happens – email, SaaS apps, file sharing,...

The post Innovator Spotlight: Seraphic appeared first on Cyber Defense Magazine.

Innovator Spotlight: OPSWAT

By: Gary
3 September 2025 at 16:56

Zero Trust: The Unsung Hero of Cybersecurity Cybersecurity professionals are drowning in complexity. Acronyms fly like digital confetti, vendors promise silver bullets, and CISOs find themselves perpetually playing catch-up with...

The post Innovator Spotlight: OPSWAT appeared first on Cyber Defense Magazine.

Innovator Spotlight: DataKrypto

By: Gary
3 September 2025 at 10:13

The Silent Threat: Why Your AI Could Be Your Biggest Security Vulnerability Imagine a digital Trojan horse sitting right in the heart of your organization’s most valuable asset – your...

The post Innovator Spotlight: DataKrypto appeared first on Cyber Defense Magazine.
