Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

Continue reading →

Today -- which of course you knew already -- is World Backup Day, an idea that began in 2011 as a reminder from a group of Reddit users who had seen too many people lose their important files. They deliberately picked the day before April Fool's to get across that you’d be a fool not to backup your data.

Although it started a bit of a joke it's become a useful reminder that backups are important and figures in the industry now see it as good for raising awareness. Here’s what some of them think.

Continue reading →

No business is immune from the threat of cyberattack, but when it comes to protecting their most critical and sensitive data many feel they are inadvertently helping attackers through the leaking information.

We spoke to Paul Laudanski, director of security research at Onapsis, to learn about the most common errors and how to guard against them,

Continue reading →

As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

Continue reading →

While Windows remains the most targeted operating system, Linux, once regarded as 'secure by default', has now emerged as the second-most infected OS, according to the 2024 Elastic Global Threat Report.

Linux's expanding use beyond servers has broadened its attack surface. Plus, its open-source nature, while great for developers, can also lead to mistakes and security holes. We spoke to Apu Pavithran, founder and CEO of Hexnode, to find out more about why Linux is being targeted and how it can be defended.

Continue reading →

A new report from Sift reveals an alarming democratization of cybercrime, with 34 percent of consumers seeing offers to participate in payment fraud online, an 89 percent increase over 2024.

The report details how fraudsters openly advertise and sell stolen payment information and fraud services on social media platforms and deep web forums like Telegram, significantly lowering the barrier to entry for anyone to participate in fraudulent activities.

Continue reading →

Over 70 percent of developers and quality assurance professionals responding to a new survey say their organization is currently developing AI applications and features, with 55 percent stating that chatbots and customer support tools are the main AI-powered solutions being built.

The research from Applause surveyed over 4,400 independent software developers, QA professionals and consumers explored common AI use cases, tools and challenges, as well as user experiences and preferences.

Continue reading →

We're always being encouraged to be greener in our energy usage these days and many people have turned to solar power as a means of doing their bit and reducing their bills.

But the inverter used to convert energy from solar panels to usable household electricity is usually an IoT device and could therefore be vulnerable. New research from Forescout analyzed equipment from six of the top 10 vendors of solar power systems worldwide: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA. It has uncovered 46 new vulnerabilities across three of these inverter vendors, Sungrow, Growatt, and SMA.

Continue reading →

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

Continue reading →

Nuances in digital messaging in the workplace are driving miscommunication according to a new study by Adaptavist.

The survey of 1,000 UK knowledge workers finds 'misinterpreting tone or phrasing' comes out as the biggest communication challenge facing workers, cited by almost half (46 percent) of respondents. This is closely followed by different response time expectations (46 percent) and lack of context (31 percent).

Continue reading →

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

Continue reading →

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

Continue reading →

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

Continue reading →

A new report from Grafana Labs looks at the maturity and evolution of the observability landscape, from the complex challenges teams are facing to the tools and tactics they're implementing to overcome them.

The study, based on 1,255 responses, shows 75 percent of respondents are now using open source licensing for observability into software performance, with 70 percent reporting that their organizations use both Prometheus and OpenTelemetry in some capacity. Half of all organizations have increased their investments in both technologies for the second year in a row.

Continue reading →

The latest threat intelligence report from Ontinue finds a 132 percent surge in ransomware attacks, although ransom payments have declined by 35 percent, suggesting a shift in attacker strategies to double down on ransomware efforts.

Among other key trends, the report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens and bypassing multi-factor authentication (MFA).

Continue reading →