Ian Barker

Popular cloud collaboration and file sharing platforms like Adobe, DocuSign, Dropbox, Canva, and Zoho are being misused in phishing attacks due to their widespread adoption by businesses and individuals.

Research by Cofense finds 8.8 percent of all credential phishing campaigns in 2024 used these websites. Among campaigns exploiting these online document sites 79 percent of all cases containing the domains were credential phishing attacks.

A new report from Claroty finds that 89 percent of healthcare organizations have medical devices vulnerable to ransomware-linked exploits and insecure internet connectivity.

Based on analysis of more than 2.25 million Internet of Medical Things (IoMT) devices and 647,000-plus OT devices across 351 healthcare organizations, the report finds 99 percent have at least one known exploited vulnerability (KEV) in their networks, while 78 percent of hospitals have OT devices with KEVs, including building management systems, power supplies, and temperature controls.

With deepfakes getting more sophisticated and harder to detect both organizations and individuals are at risk of falling victim to fraud and phishing attempts.

We spoke to SURF Security CTO, Ziv Yankovitz, to learn more about the increasing threat of deepfakes and best practices that can be used to for combat attacks.

A new report from Grafana Labs looks at the maturity and evolution of the observability landscape, from the complex challenges teams are facing to the tools and tactics they're implementing to overcome them.

The study, based on 1,255 responses, shows 75 percent of respondents are now using open source licensing for observability into software performance, with 70 percent reporting that their organizations use both Prometheus and OpenTelemetry in some capacity. Half of all organizations have increased their investments in both technologies for the second year in a row.

The latest threat intelligence report from Ontinue finds a 132 percent surge in ransomware attacks, although ransom payments have declined by 35 percent, suggesting a shift in attacker strategies to double down on ransomware efforts.

Among other key trends, the report highlights the rapid rise of Adversary-in-the-Middle (AiTM) attacks, which have become a dominant method for stealing authentication tokens and bypassing multi-factor authentication (MFA).

Research from VikingCloud finds that a successful cyberattack would force nearly one in five small- and medium-sized businesses to close down.

For nearly a third of SMBs, a cyberattack with relatively small financial impact -- less than $10,000 -- would cause them to shut down, according to the report.

A new study finds 83 percent of executives now rank supply chain resilience as being as critical as cybersecurity, and many are turning to technology to strengthen their operations.

The research from Cleo shows that to bolster resilience, 47 percent are considering artificial intelligence (AI), recognizing its potential to automate processes, predict disruptions, and enhance decision-making.

When getting a new smartphone most people focus on features and pricing, while security tends to be overlooked. But as we access the internet more using mobile devices, protecting users' personal information, transactions, and digital identities is vital.

We talked to Tom Tovar, CEO of Appdome, to discuss why mobile security should be at the forefront of consumer and media conversations and why it's currently being neglected.

A new report from Zscaler reveals a 3,000 percent year-on-year growth in enterprise use of AI/ML tools, highlighting the rapid adoption of AI technologies across industries to unlock new levels of productivity, efficiency, and innovation.

This surge in adoption also brings heightened security concerns though. According to the study enterprises blocked 59.9 percent of all AI/ML transactions, indicating awareness around the potential risks associated with AI/ML tools, including data leakage, unauthorized access, and compliance violations.

Ransomware attacks are increasingly targeting organizations across industries, with the potential to cause devastating financial, operational, and reputational damage.

We spoke to James Eason, practice lead for cyber risk and compliance at Integrity360, to get his insights into how executive boards can effectively prepare for such incidents.

Rooting (on Android) and jailbreaking (on iOS) were once widespread for enabling deeper customization and removing OS limitations on mobile devices. It's a practice that's become less common in recent years but still represents a serious security threat, not just to the user, but to enterprises who enable employees to access sensitive corporate apps and data from their devices.

Research from Zimperium's zLabs shows rooted Android devices experience 3.5 times more malware attacks, and system compromises have surged by 250 times compared to non-rooted devices.

With enterprises relying increasingly on data stored on the cloud existing ransomware solutions designed for in-house storage often fall short. That can mean longer recover times which in turn can prove devastating for the business.

Cloud backup platform Eon is launching a new cloud-native package designed specifically to provide protection and recovery from ransomware attacks. Engineered for immediate recovery, Eon's platform is able to restore clean data in minutes, offering greater efficiency than other current market offerings.

As organizations race to deliver apps at an unprecedented pace, the rise of freely available AI tools with sophisticated capabilities has made it easier than ever for threat actors to effortlessly reverse-engineer, analyze, and exploit applications at an alarming scale.

A new report from Digital.ai shows that 83 percent of applications are under constant attack, a nearly 20 percent increase from last year, with attack rates surging across all industries.

Trust management platform Vanta has announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network.

With 65 percent of businesses reporting that customers, investors and suppliers increasingly require proof of compliance, maintaining a strong security posture is essential for growth and unlocking new market entry. Vanta's new features simplify delegation, improve contextual communication and ensure accountability, allowing businesses to use their network of employees, vendors, auditors and customers to maintain continuous compliance.

A new report from SpyCloud highlights a 22 percent increase in stolen identity records since 2023.

These identity records, consisting of harvested employee, consumer, and supply chain data, are the fuel that power cyberattacks like ransomware, account takeover, and fraud with nearly 80 percent of breaches last year involving the use of stolen credentials.