Introduction: A Threat Advisory That Demands More Than Awareness A recent advisory from threat modeling expert firm Shostack + Associates on GPS spoofing and jamming has prompted many organizations to revisit their threat models. The guidance is simple. If your systems rely on GPS, it is time to reassess what that dependency means today. GPS…

In 2026, the AI hype period ends as the pressure to deliver real, measurable results from secure AI initiatives intensifies.”  — Sharyn Leaver, Chief Research Officer, Forrester After years of accelerating cyber risk, 2026 will mark a turning point. Not because attacks slow down, but because organizations will have to confront a harder truth. Reactive…

By Krishna Bala, CTO, ThreatModeler Having spent a significant part of my career working in and alongside healthcare organizations, I’ve seen firsthand how growth through acquisition can accelerate innovation, expand access to care, and strengthen market position. I’ve also seen how it can quietly introduce risk at a scale few organizations fully appreciate. In healthcare,…

By Mike LeBlanc, Chief Revenue Officer, ThreatModeler Last week, I sat in on a CISO panel discussion, and one theme kept coming up. No matter how different their environments were, they all said the same thing in one way or another: teams are trying to shift left — but most of the pain still shows…

Cloud infrastructure has become the foundation of modern innovation. But as organizations move faster and scale across multiple environments, ensuring consistent security becomes increasingly complex. To help enterprises address the growing challenges of securing cloud infrastructure at scale, ThreatModeler and HashiCorp partnered to bring together two areas of strength: Infrastructure as Code and intelligent threat…

Introduction: The Real Healthcare Security Challenge Healthcare is transforming faster than ever. Cloud-based Electronic Health Records (EHRs), connected medical devices, and telehealth platforms are reshaping patient care. But manual threat modeling can’t keep pace.  The gap is clear: Security in healthcare needs to speed up to keep pace with tomorrow’s innovations. This forces leaders to…

Secure the architecture, not just the contract Most security teams wouldn’t dream of exposing an admin panel on a public login screen without multi-factor authentication, let alone using a password like “123456.” But when it’s a third-party vendor? That kind of risk often slips through the cracks. That’s precisely what happened when Paradox.ai, an AI…

In today’s fast-paced financial landscape, cybersecurity is no longer optional. It’s foundational to business continuity, regulatory compliance, and operational resilience. As banks, trading platforms, and fintech services accelerate cloud adoption, threat actors are evolving in sophistication and scale. The result is a surge in sophisticated attacks targeting financial systems, APIs, infrastructure, and supply chains. As…

It’s not surprising that we have to protect our critical infrastructure from cyberattacks. What might be a surprise is what all constitutes critical infrastructure. There are actually 16 sectors where the United States government has set up critical infrastructure cybersecurity. “These ‘sectors’ are areas in which both public and private organizations provide vital ‘assets, services,…