Monday 6/22
UniconOS Management Cloud: A simpler way to manage enterprise endpoints without infrastructure overhead (Citrix)
Endpoint strategy should never be constrained by platform operations. With UniconOS Management Cloud, Citrix customers gain the freedom to decide where control truly matters – and where simplicity drives value. The choice of operating model is ultimately a choice about focus.
https://www.citrix.com/blogs/2026/06/12/uniconos-management-cloud-a-simpler-way-to-manage-enterprise-endpoints-without-infrastructure-overhead/
Seeing the Full Picture: How to Measure Email Security Effectiveness the Right Way (Proofpoint)
Email is still the number one way attackers reach people, and the effectiveness of your email security determines how much of that risk ever touches your users. As organizations standardize on cloud-native platforms like Microsoft 365, one question matters more than any benchmark chart: of every malicious message that targeted my people, how many were stopped before they reached the inbox?
https://www.proofpoint.com/us/blog/threat-protection/seeing-full-picture-how-measure-email-security-effectiveness-right-way
Tuesday 6/23
On June 18, 2026, Gotham's CTO, Ken Phelan, was joined by N-able's Chief Innovation Officer, Robert Johnston, to discuss the evolution of managed security, the rise of AI-powered defense, and how organizations can scale cybersecurity operations while facing increasingly sophisticated threats and limited resources.
Click the link below for the full video:
https://www.youtube.com/watch?v=I-6c4rT_xdw
Safeguard 12.2: Establish and Maintain a Secure Network Architecture
https://www.gothamtg.com/blog/safeguard-122-establish-and-maintain-a-secure-network-architecture
The Operational Reality of Zero Trust- And How You Can Change It (Check Point)
Zero Trust cannot be sustained with periodic cleanup and manual review alone. It requires a security management model that continuously compares policy intent with what is actually happening in the environment. That operating model needs to answer practical questions quickly:
https://blog.checkpoint.com/hybrid-mesh/the-operational-reality-of-zero-trust-and-how-you-can-change-it/
Real Defense in Depth Starts with Abnormal + Microsoft (Abnormal AI)
Layering in Abnormal’s behavioral AI detection complements your existing Microsoft 365 investment, reduces risk and operational burden, and preserves a simpler architecture through API-based integration with Microsoft 365 instead of MX record changes.
https://abnormal.ai/blog/real-defense-in-depth-starts-with-abnormal-microsoft
Wednesday 6/24
Demystifying Employee Experience Scores (ControlUp)
Modern work is entirely network-dependent. A healthy, powerful device with a poor connection delivers a poor experience, and “the network was slow” is one of the most frustrating complaints to triage because it can mean ten different things.
https://www.controlup.com/blog/demystifying-employee-experience-scores/
Rethinking cloud operations with agentic observability (Microsoft)
As software becomes increasingly agentic, the challenge is no longer just managing greater scale and complexity. Operators must also contend with systems that evolve faster, act more autonomously and interact across an expanding network of dependencies.
https://blogs.microsoft.com/blog/2026/06/23/rethinking-cloud-operations-with-agentic-observability/
Thursday 6/25
The trust playbook is getting weaponized (Delinea)
The month’s most significant incidents weren’t defined by credential theft or exploitation in the traditional sense. In each case, attackers moved through systems that were working as designed: signed packages, guest-user APIs, third-party vendor access, federated authentication.
https://delinea.com/blog/cybersecurity-how-the-trust-playbook-is-getting-weaponized
Monday 6/29
Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
The FBI issued a warning about Kali365, a phishing platform targeting Microsoft 365 accounts. Instead of stealing passwords, it hijacks digital access keys (OAuth tokens). It tricks you into entering a real sign-in code on a fake app or page, granting hackers access.
https://www.ic3.gov/PSA/2026/PSA260521
Identity Verification Has an Identity Crisis (HYPR)
Over time, “identity verification” stopped sounding like a broad assurance discipline and started sounding like a specific user action: document scan plus selfie. The user completed the ceremony, got a pass/fail result, and that became IdV. The confusion starts because these terms describe different things, yet are frequently used interchangeably.
https://www.hypr.com/blog/idv-has-an-identity-crisis
Tuesday 6/30
Safeguard 12.3: Securely Manage Network Infrastructure
https://www.gothamtg.com/blog/safeguard-123-securely-manage-network-infrastructure
4 paths to Frontier Transformation: From AI experimentation to real business value (Microsoft)
While leaders have embraced AI’s potential, much of that energy is still concentrated in isolated use cases. The result is progress that feels real but rarely scales. Efficiency improves in pockets. Insights surface in moments. But enterprise impact remains limited. Frontier Transformation begins where this pattern breaks.
https://www.microsoft.com/en-us/microsoft-cloud/blog/2026/06/18/4-paths-to-frontier-transformation-from-ai-experimentation-to-real-business-value/
Wednesday 7/1
Citrix Platform Flex – A Shift Toward Smarter VDI
Platform Flex isn’t just a licensing change, it’s a move toward a consumption-driven model that aligns cost, performance, and user needs. For organizations dealing with overprovisioned environments or rising cloud costs, it’s a step in the right direction, as long as there’s enough visibility and discipline to take advantage of it.
https://www.gothamtg.com/blog/citrix-platform-flex-a-shift-toward-smarter-vdi
Smarter at the Edge: How AI Is Changing the Way We Do Perimeter Security
If you've ever inherited a firewall policy that's been built up over years, you know what I'm talking about. Rules that nobody's sure about. Duplicates. Overly permissive entries that made sense once and now just sit there. Manually working through all of that is slow, tedious, and little nerve-wracking because you don't want to break anything. AI-assisted policy analysis has made this so much more manageable.
https://www.gothamtg.com/blog/smarter-at-the-edge-how-ai-is-changing-the-way-we-do-perimeter-security
Application Security Already Knows What’s Broken. Context Is How You Fix It Faster. (Seemplicity)
The larger the volume gets, the more that action has to happen at machine speed. That’s the promise of agentic exposure action, and it’s where we’ve focused our innovation on. The point isn’t automation for its own sake. It’s that human-paced effort can’t keep up with AI-paced development, and pretending otherwise is how a backlog becomes permanent.
https://seemplicity.ai/blog/application-security-aspm-context-to-action/
Thursday 7/2
From CVE Disclosure to Agentic Protection in 45 Minutes. Why it Matters Now. (Cato Networks)
AI is compressing the attacker’s timeline. Frontier models are already being used to automate vulnerability research and exploit generation, accelerating the trend toward faster exploitation. The window between disclosure and weaponization is no longer safe to treat as a planning assumption.
https://www.catonetworks.com/blog/from-cve-disclosure-to-agentic-protection-in-45-minutes-why-it-matters-now/
When AI Invents the Attack: Browser-Native Ransomware (Check Point)
Historically, discovering a new attack path required domain expertise and creative human thinking. AI changes that. A non-expert can describe a malicious outcome in plain language and receive a prototype that connects that goal to a real platform capability they never knew existed.
https://blog.checkpoint.com/research/when-ai-invents-the-attack-browser-native-ransomware/
Monday 7/6
Browser Security: Zero-Days Are Only Part of the Problem (CrowdStrike)
Zero-day vulnerabilities affecting browsers and web technologies draw attention for good reason. They are exploited before patches are available, before organizations can understand them and apply mitigations. While not every zero-day will affect every business environment, organizations must take steps to reduce their risk.
https://www.crowdstrike.com/en-us/blog/browser-security-zero-days-are-only-part-of-the-problem/
XenServer 9 is here. You already own it. Now it’s time to put it to work. (Citrix)
XenServer 9 is built for organizations actively reassessing their virtualization strategy under cost pressure. It reduces operational complexity, strengthens security, and provides predictable lifecycle management across on-premises and hybrid environments. Beyond licensing, XenServer 9 simplifies infrastructure operations.
https://www.citrix.com/blogs/2026/07/01/xenserver-9-is-here/
Tuesday 7/7
Safeguard 12.4: Establish and Maintain Architecture Diagram(s)
https://www.gothamtg.com/blog/safeguard-124-establish-and-maintain-architecture-diagrams
3 things leaders need to know from Microsoft Build 2026 (Microsoft)
Every time a team deploys a new AI project, they run into the same problem—the AI starts without that context. It doesn’t know your customers the way your sales team does. It doesn’t understand your definitions of revenue, risk, or success. And as a result, every new project starts from scratch. That’s why context has become a scaling issue.
https://azure.microsoft.com/en-us/blog/3-things-leaders-need-to-know-from-microsoft-build-2026/
It Might Feel Like We’ve Been Here Before, But We Haven’t (Palo Alto Networks)
Many organisations are underestimating the challenges of AI governance, in large part because they think they’ve been here before. They already have many experiences of ensuring robust cybersecurity and strict governance for new technologies, as they’ve done for remote systems, cloud computing, the internet of things, and more.
https://www.paloaltonetworks.com/blog/2026/07/it-might-feel-like-weve-been-here-before-but-we-havent/
Monday 7/13
Rethinking Network Security
By transitioning from an indiscriminate "inspect everything" philosophy to a "context-aware traffic separation" model, an enterprise can simultaneously harden its security posture, reduce application latency, and optimize cloud spend.
https://www.gothamtg.com/blog/rethinking-network-security
Thwarting Bluekit Phishing-as-a-Service Attacks on Microsoft Authentication (HYPR)
Attackers are investing less effort into defeating authentication technologies and more effort into controlling the environments in which authentication takes place. At the same time, organizations are preparing for a future where both employees and AI agents will initiate privileged actions at machine scale.
https://www.hypr.com/blog/thwarting-bluekit-phishing-as-a-service-attacks-on-microsoft-authentication
Centralized computing doesn’t replace power users, it enables them (Citrix)
With a pooled credit model, IT can adjust service levels as demand changes, helping right-size delivery across the workforce while balancing user experience, governance, and cost. Centralized control remains consistent, while Citrix Platform Flex makes service levels, cost, and compute choices more adaptable across the workforce.
https://www.citrix.com/blogs/2026/07/08/centralized-computing-doesnt-replace-power-users-it-enables-them/
Tuesday 7/14
Safeguard 12.5: Centralize Network Authentication, Authorization, and Auditing
https://www.gothamtg.com/blog/safeguard-125-centralize-network-authentication-authorization-and-auditing
Microsoft Entra ID security updates: Passkeys are the default authentication method in Entra ID (Microsoft)
Beginning September 1, 2026, Microsoft will begin rolling out passkeys as the default authentication experience in Microsoft Entra ID. As the rollout reaches each organization, users enabled for SMS or voice authentication will automatically be enabled for passkeys, and the next time they perform multifactor authentication, they’ll be prompted to register a passkey.
https://www.microsoft.com/en-us/security/blog/2026/07/13/microsoft-entra-id-security-updates-passkeys-are-the-default-authentication-method-in-entra-id/
Thin client vs. desktop vs. laptop (choosing the right endpoint for your environment) (Nerdio)
If Windows 10 end of support is driving your endpoint refresh cycle, the decision goes beyond purchasing. You also need to determine which legacy systems to replace, which hardware to repurpose, and which users genuinely require a full Windows endpoint.
https://getnerdio.com/blog/thin-client-vs-desktop/
Wednesday 7/15
CISA Urges SharePoint Hardening After New Exploitations (CISA)
These vulnerabilities affect all supported on-premises SharePoint Server versions (Subscription Edition, 2019, and 2016) and involve establishing remote code execution (RCE) and post-exploitation activities, such as stealing Internet Information Services (IIS) machine keys and performing deserialization techniques, to gain persistence and deploy malware.
https://www.cisa.gov/news-events/alerts/2026/07/14/cisa-urges-sharepoint-hardening-after-new-exploitations
AI Agents are Only As Effective as Their Harness (Check Point)
On its own, an LLM is a generalist. It knows a little about everything and not enough about your environment. Left ungrounded, it hallucinates — confident outputs that are simply wrong. In a chatbot, that’s an inconvenience. In network security, it’s a risk you can’t accept.
https://blog.checkpoint.com/ai-security/ai-agents-are-only-as-effective-as-their-harness/
Thursday 7/16
Malicious GitHub Campaign: Fake “Arctic Wolf” and 290+ Brand-Impersonation Repositories Deliver BoryptGrab-Lineage Infostealer (Arctic Wolf)
Targeting is opportunistic and search-engine-driven rather than sector-specific. The 292 impersonated repositories span security tooling, fintech and personal finance, cryptocurrency wallets and exchanges, developer and productivity tools, secure email providers, macOS utilities, and gaming software (including cheat tools). Victim selection is therefore a function of what software a user searches for and downloads, not membership in a targeted industry.
https://arcticwolf.com/resources/blog/fake-github-repositories-deliver-boryptgrab-lineage-infostealer/
How AI-leading Security Teams Are Building the Agentic SOC (CrowdStrike)
The agentic SOC is the only operating model equipped to match the AI-accelerated adversary. Security teams need an operating model that delivers machine-speed execution paired with enterprise-grade governance, intelligence, extensibility, and their organization’s unique context.
https://www.crowdstrike.com/en-us/blog/how-ai-leading-security-teams-are-building-the-agentic-soc/
Thirty Years of Failing Closed
Every enterprise we serve is now deploying AI agents — copilots, chatbots, autonomous workflows — with credentials, autonomy, and access that traditional security tooling was never designed to govern. If fail-closed was the right instinct when the thing you were deciding about was a packet, it matters far more when the thing you're deciding about is an agent that can act on its own.
https://www.gothamtg.com/blog/thirty-years-of-failing-closed
Friday 7/17
A new way to SIEM (Cribl)
Cribl is acquiring CardinalOps. CardinalOps brings agentic detection engineering to Cribl’s AI Platform for Telemetry and gives security teams a more open alternative to the SIEM they run today, without forcing them back into the same tradeoffs.
https://cribl.io/blog/a-new-way-to-siem/
Introducing Nutanix Agent Gateway: Unified Governance and Cost Control for Agentic AI (Nutanix)
What began as reactive chatbots answering questions has evolved into autonomous agents that actively engage with enterprise tools, business systems, and LLMs. These same agents are now able to spawn sub-agents with the same level of capability. This evolution comes with a compounding challenge: as agent sprawl increases across organizations, so does the multiplier effect on token consumption and access control risks.
https://www.nutanix.com/blog/introducing-nutanix-agent-gateway