The invisible attack that could be stealing your payment details while you shop
Experts from NordVPN are warning about a rise in ‘invisible’ attacks that can steal payment details on legitimate eCommerce sites.
Known as e-skimming, this involves malicious JavaScript code being injected into legitimate eCommerce sites to steal customers’ payment data during checkout. This is the online equivalent of physical skimming devices found on ATMs or gas pumps.
KEV catalog missing 88 percent of exploits
New research from Miggo Security suggests that CISA’s Known Exploited Vulnerabilities (KEV) catalog now reflects only a small slice of real-world exploit risk in open source, and it raises questions about how the industry should be using KEV going forward.
Using open source code speeds innovation but expands the attack surface with every imported library and dependency. The result is a growing catalog of vulnerabilities, each one a potential entry point for attackers.
Bridging the gap between legacy systems and AI [Q&A]
Many companies are still heavily reliant on legacy systems, which can lead to high maintenance costs, limited flexibility, and increased security risks, all of which can hold back AI integration.
We spoke to Jorge Lopez, CEO of Jalasoft, about the critical role legacy systems play in today’s rapidly evolving AI landscape and how organizations can modernize strategically without disrupting core operations.
Developers more productive with AI but only 18 percent fully trust it
New research finds that 85 percent of developers report higher productivity with AI, yet only 18 percent say that they fully trust it.
The study from Techreviewer was conducted among senior developers, CTOs, and tech executives from 19 countries. It shows that 64 percent of developers use AI tools every day, with only two percent never using them. ChatGPT leads in popularity at 84 percent usage, followed by Claude (64 percent), Copilot (56 percent), and Cursor (53 percent).
Cybercriminal activity increases ahead of the holiday season
Every year, the holiday season brings a predictable spike in online activity. However, in 2025, new reports suggest the volume of newly created malicious infrastructure, account compromise activity, and targeted exploitation of eCommerce systems is markedly higher.
Fortinet’s FortiGuard Labs identified more than 18,000 holiday-themed domains registered in the past three months, including terms such as ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale.’ At least 750 of these were confirmed malicious. This indicates many domains are still considered non-malicious, posing a potential risk.
Is your digital calendar putting you at risk?
New research from Bitsight finds that events synced in your digital calendar could be exposing you to phishing, malware and AI jailbreak attacks.
Bitsight’s TRACE research team discovered more than 390 abandoned domains related to iCal sync requests for subscribed calendars, potentially putting around four million devices at risk.
Ransomware attacks targeted at weekends and holidays
Most ransomware attacks occur during weekends and holidays, times of distraction or disruption when the majority of SOCs are not adequately staffed.
A new report from Semperis finds that 52 percent of surveyed organizations in the US, UK, France, Germany, Italy, Spain, Singapore, Canada, Australia and New Zealand were targeted at holidays or weekends.
How AI-powered digital employee experience programs are reshaping IT [Q&A]
Digital employee experience, or DEX, is about how employees engage with the technology and services they use every day: everything from laptops, apps, and collaboration tools to networks.
We spoke to Dean Fernandes, CTO of NWN.ai, to find out more about the importance of DEX and how it’s changing the world of IT.
Social media and marketplace scams surge ahead of the holiday season
New research from online protection company Malwarebytes exposes how social media and online marketplaces have become hotbeds for holiday shopping scams.
It finds that 51 percent of people encounter scams on social media weekly while an unlucky 27 percent meet scams daily. For marketplace shoppers, 36 percent are hit with a scam weekly and 15 percent experience one daily.
Security teams want automation but 96 percent face problems implementing it
A new survey of 750 senior cyber security professionals across the US, UK and Australia, carried out by Opinion Matters for ThreatQuotient, finds 97 percent now regard automation, increasingly powered by AI technologies, as essential to business operations.
However, despite 49 percent of respondents obtaining net new budget allocation for cybersecurity automation this year -- up from 39 percent last year -- 96 percent still face persistent challenges, particularly around technology limitations, lack of trust in the outcomes of automated processes, and insufficient time to implement solutions.
Why CISOs are betting on identity firewalls to stop the next breach [Q&A]
The network firewall was designed for a world that doesn’t exist anymore. When corporate assets sat behind a data center perimeter, inspecting packets between ‘inside’ and ‘outside’ made sense.
But today, with workloads spread across multiple clouds, SaaS platforms, and edge environments, that perimeter has dissolved. Attackers don’t need to smash through firewalls when they can compromise privileged credentials and operate from within. A rogue or stolen admin account can cause catastrophic damage, something no network firewall can stop. The battlefield has shifted from networks to identities.
One in 11 new Black Friday websites is malicious
Retailers aren’t the only ones wanting to make the most of Black Friday; it’s a boom time for scammers too. New analysis by Check Point reveals that one in 11 newly registered Black Friday-themed domains is classified as harmful.
October saw 158 new Black Friday related domains, a 93 percent increase over the 2025 monthly average. Early November intensified that growth, with more than 330 new related domains appearing in only the first 10 days.
Over 71 percent of in-house IT builds fail to deliver
A survey of over 2,000 IT and security decision-makers finds that 71 percent of in-house IT builds are eventually abandoned. In heavily regulated industries like manufacturing and finance, this rises to 83 percent, which underscores how complexity and compliance pressures make homegrown systems difficult to sustain.
The study from Exclaimer calls this ‘The DIY Mirage’, a false sense of control and efficiency that fades as maintenance demands, compliance risks, and long-term costs grow.
CVE system struggling to keep pace with modern development
A new report finds that the Common Vulnerabilities and Exposures (CVE) system struggles to keep pace with the realities of modern software development.
The study from Sonatype analyzed 1,552 open source vulnerabilities disclosed in 2025 and found that nearly two-thirds (64 percent) lacked severity scores from the National Vulnerability Database (NVD).
Half of security teams struggling to cope with volume of vulnerabilities
As the number of CVEs continues to rise, a new study finds 46 percent of respondents say that the volume of vulnerabilities has placed additional strain on their security teams’ resources, impacting not only organizational security but also staff well-being.
The report from Hackuity also shows that 26 percent admit this pressure has contributed to a data breach, while 36 percent report it resulted in a regulatory fine.
