Enterprise Security Tech

The White House has signed the 2026 National Defense Authorization Act into law , cementing a $901 billion defense policy package that quietly but decisively reinforces the Pentagon’s cyber posture at a moment when digital conflict is no longer theoretical. The legislation preserves the long standing dual leadership arrangement between U.S. Cyber Command and the National Security Agency, while explicitly barring the Defense Department from using funds to weaken the authority

AI coding assistants are quietly redrawing the boundaries of application security, and many security teams are not ready for what that means. As generative AI tools accelerate software development, they are also accelerating the creation of new application programming interfaces. These APIs increasingly appear without formal design reviews, documentation, or inventory processes. The result is an expanding class of shadow APIs that exist in production but remain invisible to t

Keeper Security has crossed one of the most demanding thresholds in federal cybersecurity, earning authorization to operate at the FedRAMP High level for its government cloud platform. The approval positions the company to secure some of the US government’s most sensitive unclassified systems, including those tied to law enforcement, emergency response, and critical infrastructure. FedRAMP High is not a routine certification. It applies to cloud systems where a breach could

The University of Phoenix has become the latest high profile casualty in a sweeping ransomware and data extortion campaign that is reshaping how attackers target higher education and enterprise software at scale. In a disclosure that surfaced quietly in early December, the for profit university confirmed that attackers gained unauthorized access to sensitive systems months earlier and ultimately exfiltrated personal and financial data tied to nearly 3.5 million people. The a

A newly disclosed flaw in MongoDB dubbed 'MongoBleed' is exposing a subtle but dangerous reality of modern cloud infrastructure: sometimes the most sensitive data does not need to be stolen from a database table at all. It can simply leak out of memory. Tracked as CVE-2025-14847 , the vulnerability affects how MongoDB  processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger the database server to return fragments of its own uniniti