Killing Standing Privileges: Why Just-in-Time Access is the Future of PAM If you had to pick a single control that changes the game for cloud security, you might want to choose killing standing privileges.

Identity is now the easiest way in for attackers. Gartner has warned that mismanagement of identities, access, and privilege will be the top reason for cloud security failures. Meanwhile, Verizon’s Data Breach Investigations Report shows that nearly 80% of data breaches involve the misuse of credentials.

Security professionals built traditional P...
https://cloudsecurityalliance.....org/articles/killing

Why Compliance as Code is the Future (And How to Get Started) Originally published by RegScale.

If you’ve ever managed enterprise compliance, you know the drill all too well. It’s the night before the audit deadline and you’re drowning in spreadsheets, frantically gathering evidence. It’s 2025 — but you feel like you’re still doing compliance like it’s 1999.

You’re not alone. Organizations are burning countless hours on reactive processes, treating compliance like a documentation problem instead of what it really is: an engineering challenge.

Lu...
https://cloudsecurityalliance.....org/articles/why-com

Active Exploitation of 7-Zip RCE Vulnerability Shows Why Manual Patching is No Longer an Option  A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an attacker to overwrite system files or execute arbitrary code with the […]
https://blog.qualys.com/produc....t-tech/2025/12/04/ac

Defensive Security Podcast Episode 327 Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links to this week’s stories: https://www.cybersecurity-insi....ders.com/how-ai-will https://www.helpnetsecurity.co....m/2025/10/15/f5-big- https://www.bleepingcomputer.c....om/news/security/fak https://blogs.microsoft.com/on....-the-issues/2025/10/ https://www.theguardian.com/te....chnology/2025/oct/19
https://defensivesecurity.org/....defensive-security-p

Defensive Security Podcast Episode 328 Want to be the first to hear our episodes each week?  Become a Patreon donor here. Links we discuss this week: https://thehackernews.com/2025..../10/self-spreading-g https://www.cybersecuritydive.....com/news/artificial- https://www.cybersecuritydive.....com/news/ai-augment- https://www.darkreading.com/cy....ber-risk/best-end-us https://www.bleepingcomputer.c....om/news/security/hac
https://defensivesecurity.org/....defensive-security-p