Critical Vulnerabilities in Microsoft Windows Operating Systems
SummaryNew vulnerabilities are continually emerging, but the best defense against attackers exploiting patched vulnerabilities is simple: keep software up to date. Timely patching is one of the most...
View ArticleContinued Exploitation of Pulse Secure VPN Vulnerability
SummaryUnpatched Pulse Secure VPN servers continue to be an attractive target for malicious actors. Affected organizations that have not applied the software patch to fix an arbitrary file reading...
View ArticlePotential for Iranian Cyber Response to U.S. Military Strike in Baghdad
SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s...
View ArticleDridex Malware
SummaryThis Alert is the result of recent collaboration between the Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes...
View ArticleMicrosoft Ending Support for Windows 7 and Windows Server 2008 R2
SummaryNote: This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See...
View ArticleMicrosoft Operating Systems BlueKeep Vulnerability
SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft...
View ArticleNew Exploits for Unsecure SAP Systems
SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components....
View ArticleDNS Infrastructure Hijacking Campaign
SummaryThe National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS)...
View ArticleSamSam Ransomware
SummaryThe Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to...
View ArticlePublicly Available Tools Seen in Cyber Incidents Worldwide
SummaryThis report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]In it...
View ArticleAWS Launches European Sovereign Cloud: What You Need to Know and What You...
Amazon just launched the European Sovereign Cloud. It’s an important milestone, but enterprises need to know the limits. On January 15, 2026, Amazon Web Services opened up their brand new European...
View ArticleZero Trust in the Cloud: Designing Security Assurance at the Control Plane
The way cloud systems are designed has quietly changed. What we used to view as a collection of servers and networks is now shaped by decisions that are made long before any workload runs. Access is...
View ArticleWhat if AI Knew When to Say “I Don’t Know”?
Not a vocabulary problem. AI models can produce uncertainty language just fine, “I’m not sure,” “This may not be accurate,” “Please verify.” They say these things constantly. Sometimes appropriately....
View ArticleBeyond Badge-Selling: Why Compliance Automation Needs Trust by Design
Recent reports about potential compliance certificate fraud have sparked important conversations in our industry. While the specifics of individual cases may still be under investigation, the broader...
View Article79% of IT Pros Feel Ill-Equipped to Prevent Attacks Via Non-Human Identities,...
Exacerbating risk is the proliferation of identities: 78% of organizations lack policies for creating AI identities SEATTLE – Jan. 27, 2026 –The Cloud Security Alliance (CSA), the world’s leading...
View ArticleLeveling Up Autonomy in Agentic AI
The conversation around artificial intelligence has shifted dramatically over the past two years. We've moved from debating whether AI can write a decent email to grappling with AI systems that can...
View ArticleBridging the Gap Between Cloud Security Controls and Adversary Behaviors: A...
As cloud adoption accelerates across industries, the complexity and volume of cloud-specific threats have grown in parallel. Security professionals are increasingly turning to standardized frameworks...
View ArticleNon-Human Identity Governance: Why IGA Falls Short
Identity Governance and Administration (IGA) has long been a pillar of access management. It works well for employees and contractors whose identities are anchored in HR systems, follow predictable...
View ArticleThe Great Divide: How AI Is Splitting the Cybersecurity Landscape
As we move deeper into 2026, we’re officially past the point of asking if AI will transform cybersecurity. The only question now is whether your organization will be ready when it does. 2025 marked...
View ArticleThe Agentic Trust Framework: Zero Trust Governance for AI Agents
This blog post presents the Agentic Trust Framework (ATF), an open governance specification designed specifically for the unique challenges of autonomous AI agents. For security engineers, enterprise...
View ArticleHow CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security...
Cloud-first strategies have completely changed how organizations operate. Teams can launch infrastructure in minutes instead of weeks, rely heavily on SaaS applications, and collaborate from anywhere...
View ArticleLogic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability...
Written by: Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research Dr. Yasir Mehmood, AI 5G & IoT Systems...
View ArticleNew Survey from Cloud Security Alliance, Strata Identity Finds That...
Agentic workforce is scaling faster than identity and security frameworks can adapt SEATTLE – Feb. 5, 2026 –The latest survey report from the Cloud Security Alliance (CSA), the world’s leading...
View ArticleApplying MAESTRO to Real-World Agentic AI Threat Models: From Framework to...
Every security team I talk to is having the same conversation right now. Their developers are shipping AI agents — coding assistants, autonomous workflows, LLM-powered tools that can browse the web,...
View ArticleWhy Zero Trust Needs to Start at the Session Layer
Most of us grew up professionally in a world where “secure access” meant encrypt the tunnel and harden what’s exposed. VPNs, TLS/mTLS, WAFs, EDR, patching, detection, response... the whole modern...
View ArticleToken Sprawl in the Age of AI
If your organization is experimenting with AI agents, copilots, or AI services accessed via API, you’ve probably created more identities than you intended. These non-human identities (service accounts...
View ArticleBreaking Down the SOC 2 Trust Services Criteria: Privacy
Unpack the critical role of privacy within the five SOC 2 trust services criteria (TSC) and how organizations can leverage compliance to build trust and resilience in a data-driven world. In this...
View ArticleAI Security: IAM Delivered at Agent Velocity
This is the first blog in a seven-part series on identity security as AI security. TL;DR: AI agents can expand an organization’s attack surface by 100 times, not by doing more but by doing it faster....
View ArticleOpenClaw Threat Model: MAESTRO Framework Analysis
Executive Summary This document applies MAESTRO Framework (7-layer Agentic AI Threat Model) to the OpenClaw codebase, identifying specific threats at each layer and detailing mitigation strategies...
View ArticleCCM v4.1 Transition Timeline
This blog was published on February 19, 2026 with the latest information regarding the release of CCM v4.1. On January 28, CSA released version 4.1 of the Cloud Controls Matrix (CCM), succeeding CCM...
View Article