Ian Barker

Recent shifts in US federal cybersecurity efforts, most notably cuts to key CISA programs and the disbanding of the Cyber Safety Review Board, are having an impact beyond Washington according to a new report.

Security automation company Swimlane surveyed 500 IT and security decision-makers across the US and UK The findings show how private-sector leaders are now shouldering greater responsibility for resilience, investment and public‑private coordination.

Continue reading →

Increasing pressure to build and launch applications quickly has seen a rise in the use of AI to generate code. New analysis from Sonar, looking at the quality and security of software code produced by top Large Language Models (LLMs), finds significant strengths as well as material challenges across the tested models.

The study used a proprietary analysis framework for assessing LLM-generated code, tasking the LLMs with over 4,400 Java programming assignments. The LLMs evaluated in the study include Anthropic's Claude Sonnet 4 and 3.7, OpenAI's GPT-4o, Meta's Llama-3.2-vision:90b, and OpenCoder-8B.

Continue reading →

As enterprises embrace hybrid work, SaaS applications, and AI tools at unprecedented scale, one critical access point is being increasingly targeted by attackers: the browser.

To better understand the risks and what can be done to secure the browser, we spoke with Alon Levin, vice president of product management at Seraphic Security, and an expert in enterprise browser security.

Continue reading →

Developers building browser-based PDF applications have traditionally faced challenges related to performance bottlenecks, limited form handling, cumbersome signing workflows, and inconsistent cross-browser experiences.

PDF software specialist Foxit is aiming to change that with the launch of a new SDK for Web v11, which with its WebAssembly-powered rendering engine, modular architecture, and deeply refactored core components, eliminates many of the long-standing problems.

Continue reading →

New analysis of illicit dark web marketplaces where cybercriminals buy and sell access to corporate networks uncovers new insights into how initial access to compromised businesses is being sold -- often for less than $1,000 -- and the steps defenders can take to disrupt the process in its earliest stages.

Rapid7’s threat intelligence researchers analyzed hundreds of posts by Initial Access Brokers (IABs) offering access to compromised networks across a range of industries and regions. Their findings show that ‘initial’ access doesn’t necessarily equate to minimal; in many cases, this access represents a deep compromise.

Continue reading →

A new report reveals an increasing trust gap between businesses deploying agentic AI for external communications and consumers wary of sharing personal information due to security concerns.

The research, carried out by Censuswide for Salt Security, also warns that without proper API discovery, governance and security, the very technology meant to drive smarter customer engagement could open the door to cybersecurity issues including attacks or data leakage.

Continue reading →

New data from Check Point Research reveals a sharp rise in cyberattacks globally, with business services, healthcare, and manufacturing among the hardest hit sectors.

Ransomware incidents in particular have surged, with 487 attacks reported in July, a 41 percent increase year-on-year. North America accounted for 56 percent of all reported ransomware cases, followed by Europe at 24 percent.

Continue reading →

Threat actors are favoring smaller, persistent attacks under 100,000 requests per second according to a new report. This shift signals a growing dependence on automated, generative AI-enhanced attack tools, reflecting the democratization of DDoS capabilities among loosely coordinated threat actors and new actors entering the scene.

The report from Radware also shows web DDoS attacks rose 39 percent over the second half of 2024. The second quarter set a record with a 54 percent quarter-on-quarter spike.

Continue reading →

Thanks to the rise of hybrid working and SaaS the traditional concept of ‘attack surface’ -- limited to hardware, software, and network infrastructure -- is dangerously outdated and no longer sufficient to ensure cybersecurity.

We spoke to Mike Riemer, senior vice president Network Security Group and field CISO at Ivanti, to find out how organizations need to adapt to keep their systems secure.

Continue reading →

A recent study from IBM revealed that insider threats were the costliest data breaches of 2024, averaging $4.99 million per incident.

Andrius Buinovskis, cybersecurity expert at security platform NordLayer, says that as more companies adopt a browser-first approach, mitigating insider threats will become even more challenging because of the limited visibility security administrators have into employee activity taking place within the browser.

Continue reading →

The rise of generative and agentic AI is transforming how data is accessed and used, not just by humans but by non-human AI agents acting on their behalf. This shift is driving an unprecedented surge in data access demands, creating a governance challenge at a scale that traditional methods can’t handle.

If organizations can’t match the surge in access requests, innovation will stall, compliance risks will spike, and organizations will reach a breaking point. Joe Regensburger, VP of research at Immuta, argues that the solution isn’t more powerful AI models; it’s better governance. We talked to him to learn more.

Continue reading →

New analysis of recent high-profile breaches and global threat patterns, reveals a cybersecurity landscape dominated by AI-enhanced attacks, organized cybercrime, and rapid exploitation of zero-day vulnerabilities.

The research, from compliance automation platform Secureframe, shows critical infrastructure, healthcare, and financial services have become primary targets as threat actors evolve faster than traditional defenses.

Continue reading →

Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.

A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.

Continue reading →

Security teams are often hampered by having to identify and fix issues while weeding out false positives. This is an area where AI can help and Sysdig has launched a new agentic platform designed to analyze cloud environments end-to-end and uncover hidden business risk so organizations can remediate crucial threats fast and deliver measurable improvements in their security posture.

Sysdig Sage, the company’s AI cloud security analyst, ultimately understands context from the entire business and provides clear, contextual remediation recommendations, reducing an organization’s exposure time to critical vulnerabilities.

Continue reading →

Vishing (voice phishing) attacks have surged by over 1,600 percent so far this year, partly driven by a rise in AI-driven deepfake voice scams.

This is yet another way cybercriminals are seeking to impersonate those with access to company systems to disrupt organizations and hold data for ransom. We spoke to Anthony Cusimano, solutions director at Object First, to discover more about this trend and how businesses are at risk.

Continue reading →