Monday 9/15
npm Supply Chain Attack via Open Source maintainer compromise (Snyk)
The open source developer fell victim to a phishing email that allowed an attacker to gain access to their npm account. This enabled the attacker to inject malicious code into many highly popular npm packages, creating a supply chain attack.
https://snyk.io/blog/npm-supply-chain-attack-via-open-source-maintainer-compromise/
The 2025 Cybersecurity Hall of Shame: 10 Mistakes People Still Make
Many cybersecurity mistakes continue to be observed in 2025 despite the availability of advanced security tools and ongoing awareness efforts. These errors range from simple oversights to choices made for convenience, each potentially increasing the likelihood of security incidents.
https://www.gothamtg.com/blog/the-2025-cybersecurity-hall-of-shame-10-mistakes-people-still-make
Beyond the Backup: Rubrik's Complete M365 Protection Delivers Healthcare Cyber Resilience (Rubrik)
Such comprehensive visibility into data handling simplifies audit processes while automatic enforcement of data segmentation policies ensures continuous protection of regulated information.
https://www.rubrik.com/blog/company/25/9/beyond-the-backup-rubrik-s-complete-m365-protection-delivers-healthcare-cyber-resilience
Tuesday 9/16
How Pure Storage and CrowdStrike Are Powering the Future of Cyber Resilience (Pure Storage)
A new deep integration between Pure Storage and CrowdStrike bridges the gap between security and storage, making infrastructure a core component of modern cyber resilience.
https://blog.purestorage.com/solutions/pure-storage-and-crowdstrike-cyber-resilience/
The Rhythm of Resilience: Mitigating Insider Risk Without Silos (Proofpoint)
Human-centric, unified security means each team plays its part. With well-communicated handoffs, clear boundaries, and parallel runs, teams reinforce each other instead of duplicating effort or tripping over one another. And as security evolves to dynamically address risks surrounding human interactions with data and systems, it’s also bringing teams closer together.
https://www.proofpoint.com/us/blog/insider-threat-management/mitigating-insider-risk-without-silos
Wednesday 9/17
Why secret sprawl may be your biggest security threat (and how to help fix it) (CyberArk)
Organizations implementing workload identity now are positioning themselves to manage AI agents securely as they become more autonomous. Those that don’t risk losing control of their expanding digital workforce.
https://www.cyberark.com/resources/blog/why-secret-sprawl-may-be-your-biggest-security-threat-and-how-to-help-fix-it
Check Point to Acquire Lakera, Redefining Security for the AI era (Check Point)
The addition of Lakera’s products, technology, and team, will enhance Check Point’s AI security capabilities, delivering the industry’s first end-to-end AI security platform with comprehensive protection for users, applications, models, and external integrations.
https://blog.checkpoint.com/security/check-point-to-acquire-lakera-redefining-security-for-the-ai-era/
Thursday 9/18
CISA tool aims to boost security for software onboarding (ReversingLabs)
The free, interactive tool is based on CISA’s “Software Acquisition Guide for Government Enterprise Consumers: Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle,” which addresses the cybersecurity risks associated with the acquisition and use of software developed by third parties.
https://www.reversinglabs.com/blog/cisa-tool-software-onboarding-tpsrm
Windows NRPT: Guide, APIs & Best Practices (Island)
NRPT is a powerful feature in Windows that allows administrators to configure DNS client behavior for specific queries. In contrast to the common solution of a DNS server, which applies arbitrary logic on incoming requests, NRPT is a table of rules that the Windows DNS client checks before sending a DNS query.
https://www.island.io/blog/man-7-windows-nrpt
Friday 9/19
How Manual Triage Undercuts the Modern SOC (Abnormal AI)
Modern SOCs cannot afford to spend valuable analyst hours on manual email triage. The abuse mailbox, once a well-intentioned tool for visibility, has become one of the largest operational burdens in security. Automation is no longer an enhancement—it is the baseline requirement for reducing risk and restoring capacity.
https://abnormal.ai/blog/how-manual-triage-undercuts-the-modern-soc