The CyberArk Blog

Enterprise security teams commonly focus on controlling AI agent conversations through prompt filters and testing edge cases to prevent unauthorized information access. While these measures...

What is the ToolShell exploit? A newly discovered exploit, “ToolShell,” is fueling a wave of targeted attacks against on-premises Microsoft SharePoint servers. The zero-day exploit chains two...

When attackers gain access to a single endpoint—like a developer’s workstation or an HR system—it’s often game over. With some skill and patience, that foothold can escalate into full-blown...

Developers now chart courses through environments as dynamic and unpredictable as open skies, plotting efficient courses through shifting clouds of technology to reach ambitious goals....

Modern enterprises are facing an identity explosion. Fueled by cloud adoption, DevOps acceleration, and now agentic AI, the number of human and machine identities is growing faster than most...

Scattered Spider has emerged as one of the most disruptive advanced persistent threats in recent years, breaching major organizations across telecom, gaming, transportation, and retail. In the...

Technology is moving at the speed of light, and two forces—quantum computing and AI agents—are poised to shake up cybersecurity. We’re not talking about some far-off future; this is happening now....

The line between human and machine is blurring—and it’s not a question of whether machines can do more, but how far we’re willing to let them go. The frontier lies in tackling the chaos and...

Machine identities—like the API keys, certificates, and access tokens that secure machine-to-machine connections—are swarming businesses. Yet, many teams still reach for manual tools while their...

This blog is the second part of a two-part series on post-quantum cryptography (PQC). In Part 1, we explored how the Harvest Now, Decrypt Later (HNDL) strategy has moved from crypto-conspiracy...

This blog is the first part of a two-part series on post-quantum cryptography (PQC). In this piece, we explore why quantum threats are no longer theoretical. In Part 2, we’ll cover practical steps...

If the mere mention of identity governance and administration (IGA) stresses you out, you’re in good company. Managing digital identities and access privileges is a significant challenge that only...

“The modern ‘software as a service’ (SaaS) delivery model is quietly enabling cyber attackers and—as its adoption grows—is creating a substantial vulnerability that is weakening the global...

Have you ever been on a tight deadline, and suddenly, your organization’s core services go dark because a TLS certificate expired without warning? It’s a nightmare scenario no team wants to face....

As 2025 unfolds, U.S. federal agencies are navigating significant operational shifts that are impacting their overarching cybersecurity strategies. Government security leaders have always...

For years, cybersecurity has been chasing a future where passwords no longer exist. And yet, here we are in 2025—still resetting them, reusing them and getting breached because of them. The...

Imagine walking into your next board meeting and saying, “We need to secure all the non-humans.” You can probably picture the reactions: furrowed brows, confused glances—not exactly a solid...

Cybersecurity is no longer just a technical concern; it’s a business-critical investment. Yet, gaining the C-suite’s backing often hinges on one essential question: “What’s the ROI?” Proving the...

In today’s era, where the digital landscape is as critical as the physical, the urgency to adapt and reinforce our cybersecurity infrastructure is more pressing than ever. For government...