Veeam Releases Emergency Patches for Critical RCE Vulnerabilities — Update Immediately

Veeam has released urgent security updates for its widely deployed Backup & Replication platform after identifying multiple high-severity vulnerabilities, including flaws that could allow remote code execution (RCE) under certain conditions. The issues affect Veeam Backup & Replication v13.0.1.180 and earlier v13 builds. Organizations running affected versions should apply the latest patches immediately.

What's at Risk?

The newly released update (v13.0.1.1071) addresses several vulnerabilities that, if exploited, could allow authenticated users to execute code with elevated privileges. While some of these vulnerabilities require specific roles or access levels, they remain high-risk in real-world environments where credential compromise is common.

Key issues include:

- Remote code execution as the postgres user via manipulated interval or order parameters
- Remote code execution as root through maliciously crafted backup configuration files
- Arbitrary file write as root, which can be chained with other flaws for full system compromise
- Command execution via parameter injection leading to privilege…


Cybersecurity State of the Union, Part 3: Agentic AI Is Not a Tool Problem. It’s an Identity Problem.

AI is not coming. It's already sitting in your environment. Not as a chatbot. As something more dangerous and more useful. An agent.

An agent can take actions. It can pull data. It can send email. It can open tickets. It can query systems. It can automate workflows. It can do what employees do, except faster, longer, and without boredom. That's the part everyone celebrates. Here's the part they miss. Agents require access. And access is where everything breaks.

Agents behave like humans, but scale like machines

A human might make one mistake a week. An agent can make a mistake a thousand times before lunch. A human might forget to close a session. An agent might run nonstop, with persistent tokens, forever. So when organizations bolt agents onto existing systems without governance, they don't just add productivity. They add a new class of identity that is often overprivileged and…


Cybersecurity State of the Union, Part 2: You Passed the Audit. Now Explain the Breach.

I have nothing against audits. I have nothing against pen tests. They still matter. But if you treat them as proof you are safe, you are going to learn the hard way that compliance is not the same thing as resilience. I have seen too many organizations get hit right after "passing." Then they're sitting in a conference room staring at a report that looks clean, while their reality is on fire. Here's why that happens.

Scope is the first lie

The biggest weakness in most security programs is not technology. It's scope.

Pen tests are scoped.
Audits are scoped.
Assessments are scoped.

And the modern breach often lives outside that scope.

It lives in identity.
It lives in SaaS.
It lives in delegated trust.
It lives in app-to-app integrations.
It lives in the places nobody "thought to include" because the organization is still thinking like it's 2012.

So the report looks good. It's not because…


Cybersecurity State of the Union, Part 1: The Perimeter Is Gone. Delegated Trust Is the New Front Line.

For a long time, cybersecurity had a simple story. Build the wall. Harden the servers. Patch the endpoints. Run the pen test. Pass the audit. Feel better. That story is not useless. It's just incomplete. The wall still matters, but the breach rarely comes through the wall anymore. It comes through the doors we built ourselves. The ones we forgot we installed. The ones we handed to vendors, integrations, and "helpful" apps that promised to make work easier. That's delegated trust. And in 2026, it is the new perimeter.

What delegated trust really looks like

Most organizations have a mental picture of risk that still looks like a network diagram. Subnets. Firewalls. "Inside" and "outside." That picture is comforting because it's familiar. But business does not run inside the network anymore.

Your data lives in SaaS platforms.
Your workflows live in cloud services.
Your files live in shared drives and collaboration tools.
Your…
