Ian Barker

According to new research from Radware 83 percent of credential stuffing campaigns include explicit API-targeting techniques.

The report shows a shift in credential stuffing attacks, underscoring a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to more sophisticated, multi-stage infiltration techniques.

Continue reading →

As organizations embrace digital transformation and AI, security teams face mounting pressure to defend an ever-expanding attack surface according to a new report.

The research from Cobalt suggests traditional reactive security measures cannot keep pace with modern threats, particularly when adversaries leverage automation and AI to scale their attacks. 60 percent of respondents believe attackers are evolving too quickly for them to maintain a truly resilient security posture.

Continue reading →

A new report from Semperis, based on a study of almost 1,500 organizations globally, shows that hackers are stepping up threat levels and ransomware is still a global epidemic.

In 40 percent of attacks threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand. US-based companies experienced physical threats 46 percent of the time, while 44 percent of German firms experienced similar forms of intimidation.

Continue reading →

A new report looks at the state of post-quantum cryptography (PQC) from the perspective of
cybersecurity professionals, finding that 48 percent of organizations aren’t prepared to confront the urgent challenges posed by quantum computing.

The report from Keyfactor, based on a survey of 450 cybersecurity leaders across North America and Europe carried out by Wakefield Research, finds mid-sized organizations are particularly vulnerable, with 56 percent saying they are not ready.

Continue reading →

Security operations teams often struggle with complex tools, legacy pattern-matching DLP, manual policy tuning, and alert fatigue. This can slow investigations, increase overhead, and reduce security effectiveness.

While traditional DLP solutions aim to tackle these challenges, they require constant human intervention, generate high false positive rates, and often miss sophisticated threats that bypass simple pattern recognition. That’s why Nightfall is launching an autonomous Data Loss Prevention platform.

Continue reading →

The UK’s new Online Safety Act came into force this week, aimed at protecting youngsters with age verification to access adult and harmful content. However, it’s seen other material being blocked and sparked concern among free speech campaigners about government censorship.

It’s not too surprising then that there’s been a lot of interest in VPNs since the act came into force. VPNMentor has seen a 6,430 percent peak surge in VPN demand since the act’s introduction.

Continue reading →

Cloud threats are evolving faster than most security teams can respond, and traditional security tools are struggling to keep pace. According to IBM’s 2024 Cost of a Data Breach Report it now takes an average of 258 days to detect and contain a breach -- giving attackers more than enough time to access sensitive data and move laterally through cloud infrastructure undetected.

We spoke to CEO of Upwind, Amiram Schacha, to learn why organizations need real-time visibility and protection at the runtime layer -- where threats actually occur -- in order to close this growing security gap.

Continue reading →

Electronic data interchange (EDI) is the lifeblood of modern business, but even a small error -- be it a connection failure, data quality issue, transformation failure, or data transmission issue for example -- can rapidly cascade, generating hundreds or even thousands of issues.

This can become a domino effect tipping over into longer root cause identification, inefficiency in managing a raft of open tickets, and a prolonged time to resolution. These factors can increase operational risk, leading to downstream supply chain issues that can jeopardize valuable business relationships.

Continue reading →

Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as ‘Verified’ and ‘Chrome Featured’ provided by extension stores as a security indicator.

However, new research from SquareX points up architectural flaws in how browser security tools work which mean they’re unable to detect or prevent the latest advancements in malicious browser extension attacks.

Continue reading →

A new study reveals that that 90 percent of leaders find managing cyber risks harder today than they did five years ago, resulting in higher reports of burnout (47 percent), including more than one in ten who say they’re on the verge of quitting.

The report from Bitsight shows the leading causes of poor cyber risk management, and therefore burnout, include an explosion of AI (39 percent), and rapidly expanding attack surfaces (38 percent).

Continue reading →

According to Gartner 33 percent of enterprise applications are expected to incorporate agentic AI by 2028, but are their security teams equipped with the latest training and technology to protect this new attack surface?

We spoke with Ante Gojsalić, CTO and co-founder at SplxAI to uncover the hidden dangers in agentic AI systems and what enterprises can do to stay ahead of the malicious looking to exploit them.

Continue reading →

On its own artificial intelligence isn’t a solution to cybersecurity issues, but new data from Hack The Box, a platform for building attack-ready teams and organizations, reveals that cybersecurity teams are increasingly beginning to adopt AI as a copilot for solving security challenges.

Based on real-world performance data from over 4,000 global participants in Hack The Box’s Global Cyber Skills Benchmark, a large-scale capture the flag competition, the report highlights how cyber teams are starting to use AI as a teammate to their security staff.

Continue reading →

Every application, database, filesystem and SaaS service inevitably creates another data silo. From Hadoop-based data lakes to modern data warehouses and lakehouses, enterprises have invested millions in the promise of a single source of truth. But these grand visions invariably fall short.

We talked to Saket Saurabh, CEO and co-founder of Nexla, to discuss a more practical approach that embraces the existence of data silos while ensuring seamless access and usability.

Continue reading →

Traditional runtime security solutions have tended to focus on detection and as a result generate thousands of low-fidelity alerts. Edera is launching what it says is a new software security category aimed at ending the era of 'move fast and break things'.

Edera's ‘hardened runtime’ provides production-grade sandboxing that assumes a breach before it occurs. This architectural approach eliminates the root causes of privilege escalation, lateral movement, and data exfiltration while dramatically reducing operational overhead for security teams.

Continue reading →

While 79 percent of organizations are already using AI in production environments, only six percent have implemented a comprehensive, AI-native security strategy.

This is among the findings in the new AI Security Benchmark Report from SandboxAQ, based on a survey of more than 100 senior security leaders across the US and EU, which looks at concerns about the risks AI introduces, from model manipulation and data leakage to adversarial attacks and the misuse of non-human identities.

Continue reading →