International fraudsters target US government programs


International bad actors -- like fraudsters from Russia and China -- are driving one in eight fraud attempts in the US, seeking everything from access to government services to loans, according to a new report.
During the pandemic, government agencies were flooded with fraudulent applications that went undetected by outdated methods. This study from Socure shows AI-powered technologies are enabling fraudsters to supercharge their efforts, hitting government agencies and commercial entities at once, with relentless speed, and at scale.
Companies take an average of four months to report a ransomware attack


A new study from Comparitech, based on data collected from 2,600 attacks between 2018 and 2023, shows the average time for a US company to report a data breach following a ransomware attack is 4.1 months.
From 2018 to 2023, the average time to report a ransomware breach has increased, rising from 2.1 months in 2018 to just over five months in 2023. Healthcare has the lowest reporting time with 3.7 months, while businesses (4.2 months) and government entities (4.1 months) are similar.
GenAI vulnerable to prompt injection attacks


New research shows that one in 10 prompt injection attempts against GenAI systems manage to bypass basic guardrails. Their non-deterministic nature also means failed attempts can suddenly succeed, even with identical content.
AI security company Pangea ran a Prompt Injection Challenge in March this year. The month-long initiative attracted more than 800 participants from 85 countries who attempted to bypass AI security guardrails across three virtual rooms with increasing levels of difficulty.
Chainguard launches malware-resistant dependencies for Python


The Python programming language has become the foundation of modern AI and machine learning applications. Of course, that makes it a prime target for supply chain attacks.
Public registries do minimal vetting of hosted artifacts, and they don't provide assurance that the distributed library matches its source code, exposing enterprises to supply chain attacks. Python libraries are also susceptible to supply chain attacks because many projects include more than just pure Python code -- for example, project maintainers often rebundle shared system libraries into their Python libraries to ensure stable behavior.
Stratoshark has been donated to the Wireshark Foundation to boost open source cloud security


Cloud security company Sysdig has announced the donation of Stratoshark, the company's open source cloud forensics tool, to the Wireshark Foundation.
This move is aimed at fostering innovation within the community, building in the open, and pushing security forward with advanced tools that better understand cloud-native environments.
AI leads to a new phishing threat every 42 seconds


AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.
New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.
Poor online experience leads to rise in 'digital rage'


A new report from performance analytics company Conviva highlights a rise in 'digital rage' as 91 percent of consumers report encountering frustrating digital service issues in the past year.
Businesses risk backlash, lost revenue, and damaged reputations if they fail to address these problems. Poor digital experiences have immediate and tangible impacts on revenue as 55 percent of consumers abandon their purchase, 50 percent switch to another company, and 39 percent cancel their subscription.
UK government uses AI 'Humphrey' tool to review consultation responses


Fans of the 1980s British sitcom 'Yes Minister' will know the character Sir Humphrey -- a senior civil servant whose main role seemed to be to prevent ministers from implementing their policies. You may also know that Humphrey is the name of the Downing Street cat.
With its tongue firmly in its cheek then, the UK government is introducing 'Humphrey', a bundle of AI tools designed to speed up the work of civil servants and cut back time spent on admin, and money spent on contractors.
How network APIs are transforming telcos [Q&A]


As network Application Programming Interfaces (APIs) unlock more advanced capabilities like Quality on Demand, Device Location, Number Verification, and SIM Swap, they will also support cutting-edge solutions like private 5G networks using network slicing, which grants enterprises greater autonomy and control over their wireless networks.
We spoke to Doug Makishima, advisor to the Mobile Ecosystem Forum, to discuss the impact of network APIs as well as how mobile network operators (MNOs) are moving from being 'data pipes' to adopting Network-as-a-Service (NaaS) models and what this means for the industry.
Digital accessibility a priority ahead of new European law


With the European Accessibility Act (EAA) due to come into force next month, 84 percent of respondents to a new study say that digital accessibility is a priority for their company.
The EAA aims to make technology products and services easier to use for people with disabilities. The study, from quality and testing specialist Applause, shows 94 percent of organizations are preparing for the EAA by the June 28, 2025 deadline.
AppSec is critical to software purchasing decisions


A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.
The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.
Ransomware attacks up over 120 percent in two years


Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. The number of publicly disclosed victims also saw a 24 percent increase from the previous year.
A new report from Black Kite shows this follows a steep rise in the previous period with an 81 percent surge, amounting to a 123 percent increase over two years. Ransomware was responsible for 67 percent of known third-party breaches.
Security awareness training programs fall short of business needs


Although 99 percent of organizations responding to a new survey suffered a security incident tied to human error in the past year, the majority state that they struggle to implement effective, scalable security awareness training (SAT) programs that reduce this risk.
The study from Abnormal AI of over 300 security and IT leaders in the US and UK finds that SAT is widely adopted, with 75 percent of organizations requiring employees to complete training at least quarterly.
How ransomware became big business


On today's International Anti-Ransomware Day, cybersecurity company SentinelOne has published a blog looking at how ransomware has evolved over the past 10 years.
It highlights how Ransomware-as-a-Service (RaaS) has matured into a scalable, profit-driven model, with revenue-sharing, affiliate recruitment, and performance incentives fuelling rapid expansion across the cybercrime ecosystem.
AI agents -- how do you get from raw data to meaningful action? [Q&A]
Ian's Bio
Ian spent almost 20 years working with computers before he discovered that writing about them was easier than fixing them. Since then he's written for a number of computer magazines and is a former editor of PC Utilities.