Ian Barker

Every year, the holiday season brings a predictable spike in online activity. However, in 2025, new reports suggest the volume of newly created malicious infrastructure, account compromise activity, and targeted exploitation of eCommerce systems is markedly higher.

Fortinet’s FortiGuard labs identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale.’ At least 750 of these were confirmed malicious. This indicates many domains are still considered non-malicious, posing a potential risk.

New research from Bitsight finds that events synced in your digital calendar could be exposing you to phishing, malware and AI jailbreak attacks.

Bitsight’s TRACE research team discovered more than 390 abandoned domains related to iCal sync requests for subscribed calendars, potentially putting around four million devices at risk.

Most ransomware attacks occur during weekends and holidays, times of distraction or disruption when the majority of SOCs are not adequately staffed.

A new report from Semperis finds that 52 percent of surveyed organizations in the US, UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted at holidays or weekends.

Digital employee experience, or DEX, is about how employees engage with the technology and services they use every day: everything from laptops, apps, collaboration tools to networks.

We spoke to Dean Fernandes, CTO of NWN.ai to find out more about the importance of DEX and how it’s changing the world of IT.

New research from online protection company Malwarebytes exposes how social media and online marketplaces have become hotbeds for holiday shopping scams.

It finds that 51 percent of people encounter scams on social media weekly while an unlucky 27 percent meet scams daily. For marketplace shoppers, 36 percent are hit with a scam weekly and 15 percent experience one daily.

A new survey of 750 senior cyber security professionals across the US, UK and Australia, carried out by Opinion Matters for ThreatQuotient, finds 97 percent now regard automation, increasingly powered by AI technologies, as essential to business operations.

However, despite 49 percent of respondents obtaining net new budget allocation for cybersecurity automation this year -- up from 39 percent last year -- 96 percent still face persistent challenges, particularly around technology limitations, lack of trust in the outcomes of automated processes, and insufficient time to implement solutions.

The network firewall was designed for a world that doesn’t exist anymore. When corporate assets sat behind a data center perimeter, inspecting packets between ‘inside’ and ‘outside’ made sense.

But today, with workloads spread across multiple clouds, SaaS platforms, and edge environments, that perimeter has dissolved. Attackers don’t need to smash through firewalls when they can compromise privileged credentials and operate from within. A rogue or stolen admin account can cause catastrophic damage, something no network firewall can stop. The battlefield has shifted from networks to identities.

Retailers aren’t the only ones to want to make the most of Black Friday, it’s a boom time for scammers too. New analysis by Check Point reveals that one in 11 newly registered Black Friday-themed domains is classified as harmful.

October saw 158 new Black Friday related domains, a 93 percent increase over the 2025 monthly average. Early November intensified that growth, with more than 330 new related domains appearing in only the first 10 days.

A survey of over 2,000 IT and security decision-makers finds that 71 percent of in-house IT builds are eventually abandoned. In heavily regulated industries like manufacturing and finance this rises to 83 percent, which underscores how complexity and compliance pressures make homegrown systems difficult to sustain.

The study from Exclaimer calls this ‘The DIY Mirage’, a false sense of control and efficiency that fades as maintenance demands, compliance risks, and long-term costs grow.

A new report finds that the Common Vulnerabilities and Exposures (CVE) system struggles to keep pace with the realities of modern software development.

The study from Sonatype analyzed 1,552 open source vulnerabilities disclosed in 2025 and found that nearly two-thirds (64 percent) lacked severity scores from the National Vulnerability Database (NVD).

As the number of CVEs continues to rise, a new study finds 46 percent of respondents say that the volume of vulnerabilities has placed additional strain on their security teams’ resources impacting not only organizational security but also staff well being.

The report from Hackuity also shows that 26 percent, admit this pressure has contributed to a data breach, while 36 percent, report it resulted in a regulatory fine.

You may have noticed that yesterday ChatGPT, X and a number of other websites -- including BetaNews for a while -- were unavailable due to an issue with online security service Cloudflare. So what went wrong?

According to the company the problem occurred after a configuration file designed to handle threat traffic did not work as intended and ‘triggered a crash’ in its software handling traffic for its wider services.

Today’s IT leaders frequently face a critical trade-off between delivery speed and systems security. AI-assisted and -generated coding tools accelerate development cycles, but this speed can run counter to the realities of managing multi-faceted, complicated software components.

This seemingly leaves CIOs with two choices, moving at the speed of business while balancing potential production systems risks, or being overcautious to the point of losing to competitor’s innovations.

Nearly 40 percent of organizations have experienced security or compliance incidents directly linked to governance gaps introduced during cloud migration according to a new report.

The study from Pathlock, based on responses from 620 enterprise IT, compliance, and security leaders, finds that in spite of the regulatory pressures many organizations face, with respondents operating under major regulations like SOX, GDPR, and others, governance is often treated as an afterthought.

Artificial intelligence is reshaping healthcare systems across the globe. But to see where it stands today, and where it could be in the coming years, we need to better understand how AI can accelerate patient discharges, improve cancer detection, and support overstretched staff, while also addressing the barriers that have slowed adoption.

AI won’t replace doctors, but it can save healthcare. To find out how we spoke to prominent CIO with decades of healthcare experience, Richard Corbridge. Richard was previously the Chief Information Officer for the Health Service Executive in Ireland and was instrumental in the reform of the Irish healthcare technology system.