Iranian Attack on Stryker Brings BYOD Dangers Back to Center Stage
The bring-your-own-device (BYOD) dimension carries implications well beyond Stryker.
George V. Hulme
The War With Iran Is Now Being (Partially) Fought in Data Centers, Defense Networks, and Telegram Chats
While Iranian drones were taking out Amazon's data centers in the Gulf, Tehran's hackers were already inside U.S. banks, airports, and defense networks — and they got there weeks before the first missile flew.
Health-ISAC Data Shows Healthcare Under Sustained, Escalating Siege in 2025
Ransomware events surged 55% in 2025, supply chain attacks widened the blast radius, and nation-state actors showed up. New data from Health-ISAC shows why the health sector's security problem continues to grow.
Iran Conflict: America's Cyber Defenses Face Their Biggest Test — At a Weak Moment
As Iran's cyber forces regroup after the most devastating military strikes in the Islamic Republic's history, the U.S. agency built to defend the nation's critical infrastructure is operating with a skeleton crew, gutted leadership, and a funding crisis — at precisely the moment it is needed most.
Attackers Are at the Edge — and They're Bringing Their AI
New GreyNoise telemetry recorded 2.97 billion malicious sessions targeting edge infrastructure in H2 2025 — and AI serving platforms are already on the same target list as VPN appliances and firewalls. The attack surface expanded. Attackers followed.
The SaaS-pocalypse Paradox: What it Means for CISOs and Enterprise Security
The SaaS market has shed $1 trillion in value. Salesforce, Workday, Adobe, and Snowflake are all down at least 40% from 2025 peaks. For CISOs managing risk across a consolidating software stack, the implications for vendor stability, integration continuity, and contract leverage are significant.
White House Readies Five-Page Cybersecurity Strategy Built on Offense, Deterrence, and Deregulation
The forthcoming plan marks a sharp pivot from the Biden era—and some experts warn it may leave the nation more exposed, not less.
Six Months of Silence: How a Hijacked Text Editor Exploited Structural Flaws in Enterprise Security
The Notepad++ incident isn't just another nation-state compromise. This attack highlights how developer tools are a governance blind spot, ongoing weaknesses in the integrity of update mechanisms, and the continued evolution of supply chain attacks.
The Five Most Important Enacted AI Regulations Affecting US and European Organizations
The world moved swiftly to adopt enterprise AI. Here come the regulations. In this story, we cover what security and risk teams need to know to weather the new regulatory waters.
How Gootloader Weaponizes Format Flaws to Evade Detection
For security teams, the message is sobering: initial access brokers such as Gootloader operate at sophisticated technical levels, leverage specialized knowledge of file-format quirks, and maintain operational resilience through rapid innovation.
Too Many Cybersecurity Tools: How To Declutter Through Platformization
For enterprises eager to consolidate their tools, success will take the form of "platformization" of enterprise security stacks.
2025: The Year the World Learned Cybersecurity is Increasingly Unmanageable
We picked the top three news events of 2025. It wasn't easy: and neither will be 2026.
Security Experts Share Their 2026 Cybersecurity Predictions
Here are the predictions we believe will have significant impacts on security professionals in the year ahead: the bad and the good.
Quantum Security Spending Hits a Tipping Point: Why 5% of Security Budgets Now Belong to Post-Quantum Migration
This isn't marginal spending on a future-state concern—it's an immediate, substantial commitment that many CISOs now see as a priority.
AI-Generated Code Is Already Running Critical Infrastructure: Can AppSec Keep Up?
Traditional security tools were designed when code changes were measured in hundreds of lines per sprint and development cycles lasted weeks. Today, AI accelerates code production to thousands of lines daily with fundamentally different patterns than human-written code.
Why Forrester Says Your Agentic AI Deployment Will Cause a Breach in 2026
The agentic AI governance gap is a fundamental enterprise weakness. Sixty-three percent of organizations lack AI governance policies, according to IBM's research. This creates a complete lack of any meaningful organizational control over these deployments.