Links
Cloudflare experienced significant network failures in November and December 2025, prompting them to launch a "Code Orange: Fail Small" initiative. This plan focuses on improving the resilience of their network by implementing controlled rollouts for configuration changes, enhancing failure handling, and streamlining emergency response processes.
This article explains a C++23 tool called Klint for incident response on Linux systems. It detects hidden kernel modules, rootkits, and other threats through multiple self-registering scanners. The tool runs in isolated processes and produces machine-readable JSON output for easy integration into automated workflows.
KustoHawk is a PowerShell script designed for incident triage and response within Microsoft Defender XDR and Sentinel environments. It collects indicators of compromise and runs queries against the Graph API to provide detailed activity reports for devices or accounts. Users can adjust the timeframe of data collection and export results for further analysis.
This article details a significant npm supply chain attack that compromised an engineer's credentials, allowing unauthorized access to multiple repositories. The attacker cloned 669 repositories and closed numerous pull requests before being detected and removed from the GitHub organization. Thankfully, published packages remained secure throughout the incident.
The author shares their experience of having their AWS account hacked, detailing how the attacker gained access, the immediate steps taken to regain control, and the lessons learned about cloud security. They emphasize the importance of proper security measures and the mindset needed to prevent such incidents.
The article discusses the mismatch between traditional product management practices and the unique demands of security product development. It highlights how PMs often focus on features that appeal to enterprise buyers rather than addressing the urgent needs of security engineers during critical incidents. This misalignment can compromise the effectiveness and reliability of security tools.
AWS CIRT has launched the Threat Technique Catalog for AWS, aimed at providing customers with insights into adversarial tactics and techniques observed during security investigations. This catalog, developed in collaboration with MITRE, categorizes specific threats to AWS and offers guidance on mitigation and detection to enhance customer security.
The Okta Security Detection Catalog is a comprehensive repository of detection rules and log field descriptions aimed at enhancing security monitoring for Okta customers. It includes YAML files for security detections, threat hunting queries, and templates for incident response workflows. The catalog emphasizes the importance of using the System Log for tracking events and recommends strategies for optimizing detection effectiveness.
Continuous Access Evaluation (CAE) is now available on Azure DevOps, enhancing real-time security by allowing immediate revocation of access following critical events like account changes or multi-factor authentication enablement. This feature improves incident response by enforcing policies at access time rather than at token issuance. Developers using the .NET client library will need to manage token rejections appropriately, with support for other languages expected by the end of 2025.
The Bitwarden Security Impact Report provides a comprehensive overview of the security measures implemented by Bitwarden, highlighting their commitment to protecting user data and enhancing overall security. It details various security practices, incident responses, and future plans to further bolster user trust and safety in their services.