Ian Barker

New research from Sophos into ransomware in the retail industry shows that among organizations that had data encrypted, 58 percent paid the ransom to get their data back -- the second highest payment rate in five years.

The survey, of 361 retail IT and cybersecurity leaders across 16 countries, also finds that 46 percent of attacks began with an unknown security gap, while 30 percent exploited known vulnerabilities. 58 percent of victims with encrypted data paid, however, only 48 percent of attacks resulted in encryption. The median ransom demand doubled to $2 million from 2024 and average payment increased five percent to $1 million.

New research from Forescout Vedere Labs reveals that 65 percent of devices across organizations are no longer traditional IT. Of these 11 percent are network equipment, while 24 percent are part of the extended IoT, such as IoT, OT and IoMT.

Financial services (54 percent), healthcare (45 percent) and oil, gas and mining (40 percent) are the sectors that have the highest percentages of non-IT devices.

It’s known as an ‘ohno-second’ that moment in time when you realize you’ve clicked send on something you shouldn’t have. But it’s no laughing matter, a new survey of more than 300 security and IT professionals from Abnormal AI highlights the growing threat and business impact of legitimate email messages sent to the wrong recipient.

These misdirected emails can result in data breaches, regulatory violations, remediation costs, and reputational damage. The research shows 98 percent percent of security leaders consider misdirected email as a significant risk when compared to other data loss risks like malware and insider threats.

New research finds that business trust in autonomous AI is growing, with 57 percent of organizations saying they’re ‘very confident’ in the technology’s reliability in core business processes.

Yet, despite this increasing trust, implementation is lagging. The survey from Insight Enterprises shows that six in 10 organizations are stuck in pilot or experimental phases. Most are deploying AI in low-risk, narrowly defined areas, with only 24 percent using it in production for clearly scoped use cases.

A new survey of global technology leaders across Brazil, China, India, Japan, the UK and US suggests that agentic AI will reach mass or near-mass adoption by consumers in 2026.

The study by IEEE shows top uses are likely to be personal assistant/scheduler/family calendar manager (52 percent), data privacy manager (45 percent), health monitor (41 percent), errand and chore automator (41 percent) and news and information curator (36 percent).

APIs were once treated as behind-the-scenes connectors. Today, they are the enterprise nervous system, linking cloud workloads, data platforms, SaaS tools, and increasingly, autonomous AI agents. This centrality makes them irresistible targets.

According to multiple industry reports, API-related vulnerabilities are among the fastest-growing classes of security incidents. The problem isn’t just exposure; it’s amplification. A single unprotected API can open the door to everything it touches, from sensitive customer records to critical operational systems.

Cloud-native platforms are built for speed with ephemeral workloads, rapid deployments, and plenty of third-party app dependencies.

This poses a real challenge to the deployment of runtime security tools. We talked to Bob Tinker, founder and CEO of BlueRock.io, to discuss how organizations can protect their cloud systems effectively.

A new report finds that while 73 percent of employees are encouraged to use AI 33 percent don’t always follow AI policies.

The study from 1Password, based on data from 5,200 desk-based knowledge workers across the US, Canada, the UK, Germany, France, and Singapore, also finds 52 percent of employees have downloaded apps without IT approval.

Date breaches affecting businesses and online services are ever more frequent and can affect anyone who is unfortunate enough to be a customer or supplier.

Finding out the facts about a breach can be tricky, however, as information is heavily reliant on self-disclosure. Proton is launching its Data Breach Observatory, which delivers a truer picture of the risks by monitoring and reporting cyberattacks and data breaches based on data sourced directly from the dark web.

Employees receive large numbers of emails every day and it’s estimated that 25 to 35 percent of these will be from people they haven’t communicated with before. Knowing whether or not a message has come from a legitimate new sender is almost impossible.

Until now that is. Email security specialist StrongestLayer is launching AI Advisor, a security assistant designed specifically to verify first-time senders and unknown contacts in real-time.

The average household now contains 22 connected home devices and is subjected to nearly 29 attacks each day, almost triple the rate recorded last year.

This the key finding of a new joint report from Bitdefender and NETGEAR which highlights how the expanding Internet of Things ecosystem, spanning everything from smart TVs and streaming boxes to routers and cameras, has dramatically increased consumer exposure to automated cyberattacks and large-scale exploitation.

The concept of DevOps has been around since the late 1980s and has been mainstream for the last 15 years or so. But there has recently been discussion around whether open-source platforms like System Initiative are challenging DevOps’ dominance.

We talked to Pablo Gerboles Parrilla, the founder and CEO of Alive DevOps, about what needs to change in how teams build and deploy software, and perhaps more importantly about what shouldn’t.

A new report from digital trust provider DigiCert highlights an unprecedented surge in distributed denial-of-service (DDoS) attacks that reached ‘internet tsunami’ scale, with two events peaking at 2.4 Tbps (terabits per second) and 3.7 Tbps respectively.

Attack traffic increasingly originates from regions where digital infrastructure is outpacing regulation, with Vietnam, Russia, Colombia, and China ranking among the top five sources.

A new report shows that organizations taking longer than nine hours to address an email security breach have a 79 percent chance of also being a victim of ransomware.

The study from Barracuda, based on a survey of 2,000 IT decision makers carried out by Vanson Bourne, also finds that most of the organizations surveyed (78 percent) experienced an email breach in the previous 12 months, with the average cost to recover reaching $217,068.

New research from business risk specialist Panaseer shows that major breaches are being caused by toxic combinations -- overlapping risks that compound and amplify each other, until they form a critical vulnerability.

The company analyzed 20 major breaches that have occurred over the past five years. In 14 of the 20 cases, it found clear evidence of compounding risks forming toxic combinations that magnified the overall impact.