cybersecurity

New research from internet service provider Beaming shows UK businesses were targeted more than 791,600 times last year and attackers are focused on systems that facilitate remote work and data storage, turning them into high-risk entry points.

Remote desktop and VPN services saw sustained, automated probing throughout 2025. These are the primary targets for ransomware groups who use stolen credentials to infiltrate and encrypt corporate networks to cause total business lockout.

New research from StrongestLayer highlights a fundamental shift in attacker behavior, where adversaries increasingly hide behind business-critical platforms such as DocuSign, Microsoft, and Google Calendar -- services organizations can’t block without disrupting operations.

The research analyzed analyzing 2,042 advanced email attacks that successfully bypassed Microsoft Defender E3/E5 and market-leading secure email gateways before being detected by StrongestLayer.

NordPass Authenticator is a feature that generates one-time passwords directly in a NordPass vault. It gives all the security of two-factor authentication without an extra app. However, until now it’s only been available to business users.

Today the company is also making Authenticator available for personal accounts. It uses time-based one-time password (TOTP) support which enables users to add an extra layer of security to their accounts with two-factor authentication, without the need to download or install additional applications.

The financial services sector has now overtaken healthcare as the industry with the highest number of data compromises.

New research from Alta Technologies analyzed information from the Identity Theft Resource Center 2024 Data Breach Report to determine which industries experienced the highest number of data breaches in 2024. shows the industry, which includes jobs such as accountants, bankers, and financial analysts, experienced 737 data compromises throughout 2024. Since 2018, healthcare had previously been the most attacked industry.

AI-driven bot traffic has surged in the past year, often they scrape content to serve their operator’s needs only without sending new users or traffic to the targeted site. This is also creating an environment where automated abuse is a primary driver of fraud, infrastructure cost overruns, traffic volatility, and customer friction.

Real-time data platform company, Hydrolix, is launching a new Bot Insights solution that gives real-time visibility into every bot, crawler, and AI agent hitting a business.

In 2025, the number of known phishing-as-a-service (PhaaS) kits doubled in number, increasing the pressure on security teams trying to defend against this ever-evolving threat.

A new report from Barracuda shows new players such as Whisper 2FA and GhostFrame introduced inventive and evasive tools and tactics, including a suite of techniques to prevent analysis of their malicious code, while established groups such as Mamba and Tycoon also continued to evolve and thrive.

A new wave of attacks is hitting the JavaScript package ecosystem, specifically through open-source managers like NPM. Instead of malicious code hiding in the package itself, attackers now weaponize the install process. So, the code looks clean at build-time but later executes in end-user browsers, where it quietly steals data.

We talked to Simon Wijckmans, CEO at the client-side security and intelligence platform cside, to understand why this is happening and how organizations can respond.

Cybercriminals can use malicious insiders as a direct means to access sensitive company resources, stealing confidential data or using the access to deploy a devastating cyberattack. New research shows that they’re actively searching for insiders from various organizations via the dark web.

Over the past 12 months, the team at threat exposure platform NordStellar has identified 25 unique dark web posts seeking out insiders. A significant portion of these posts focus explicitly on insiders who work for social media or cryptocurrency platforms.

Enterprises are already seeing AI agents sharing sensitive data, overriding internal policies and making unsanctioned changes without visibility into who authorized the action or why it occurred.

Security automation company Exabeam is launching a new release to deliver a connected system of AI-driven security workflows to protect organizations from the risks of AI usage and AI agent activity.

Policy violations linked to GenAI applications more than doubled year-on-year, with the average organization now recording 223 GenAI-related data policy violations per month. Among the top 25 percent of organizations, this figure rises to 2,100 incidents per month.

A new report from Netskope Threat Labs also highlights the continued prevalence of shadow AI, despite growing investment in company-approved AI tools.

Privacy has been increasingly in the news over the last year with plans for government digital IDs and age verification for websites, as well as concerns about how eCommerce businesses and others use personal data.

What can we expect from the privacy landscape in 2026? Some industry experts give us their views.

As more and more information is stored in the cloud, often with hyperscale providers, the issue of data sovereignty -- where the information resides and who can access it -- becomes increasingly crucial.

We spoke to Sergej Epp, CISO at Sysdig, and previously CISO at Palo Alto Networks, to explore the theme of data sovereignty, cloud and security.

The very nature of cybersecurity makes it a constant arms race between attackers and defenders and recently that’s meant both sides utilizing AI.

This seems unlikely to change in 2026 but what else might we expect? Some industry experts give us their views.

Artificial intelligence has been driving much of the technical agenda for the last couple of years and is still evolving rapidly, finding its way into more and more areas.

Here some industry experts look at what we can expect to see from the AI space in 2026.

The recent AyySSHush botnet campaign compromised over 9,000 ASUS routers worldwide via SSH key injection. Unlike traditional botnets, this campaign flips the C2 model -- routers silently await inbound contact from the attacker, making detection incredibly difficult.

And since SSH key authentication happens after encryption is established, key usage remains invisible to most monitoring tools. Combine that with the fact that routers are critical, often unmonitored devices, and it’s easy to see why this attack is a sweet spot for adversaries.