Enterprise Security Tech

According to research from Simcha Kosman, a senior cyber researcher at CyberArk Labs , a critical remote code execution flaw in Apache bRPC  has put a spotlight on a class of debugging features that quietly sit inside many production systems, rarely scrutinized until something goes wrong. Tracked as CVE-2025-60021 and scored at a near-maximum CVSS 9.8, the vulnerability affects all versions of Apache bRPC prior to 1.15.0. It stems from a command injection issue in the framew

In a software world shaped by supply chain attacks, brittle dependencies, and increasingly opinionated Linux distributions, control has become as important as code. Chainguard  is making a deliberate move to hand more of that control back to the people actually running its operating system in production. The company announced the formation of a customer-led steering body for Chainguard OS called the Fully User Directed Committee, or FUD Committee. The name is intentionally pl

The future of enterprise security is supposed to be autonomous. AI agents negotiate contracts, move money, write code, and respond to incidents at machine speed. But according to a new industry survey, the foundation those agents depend on is still riddled with legacy systems that attackers already know how to exploit. That tension sits at the center of The Identity Underground Annual Pulse 2026 , a new report drawing on survey data and candid commentary from more than 150 id

The Everest ransomware crew is once again claiming a marquee victim, this time alleging it has siphoned a vast trove of customer data from Under Armour and leaked it onto a cybercrime forum. If verified, the incident would rank among the largest retail data exposures in recent memory and highlight how modern ransomware campaigns can linger long after an initial intrusion. The scale of the alleged breach comes from Have I Been Pwned , which says it ingested data tied to 72.7

As identity becomes the primary control plane for modern enterprises, privileged access is emerging as one of the most fragile and frequently exploited layers of security. That reality is driving a new partnership between NCC Group  and Delinea , aimed at delivering cloud-native privileged access management services designed for hybrid, AI-enabled environments. The collaboration brings Delinea’s privileged access management technology into NCC Group’s Unified Digital Identity

A massive trove of stolen login credentials, totaling nearly 150 million unique usernames and passwords, was recently found sitting exposed on the open internet, underscoring just how industrialized and fragile the modern credential theft ecosystem has become. The cache, uncovered by cybersecurity researcher Jeremiah Fowler at ExpressVPN , contained more than 149 million records and roughly 96 gigabytes of raw data. The database was neither encrypted nor protected by a passwo