Articles about cybersecurity

With new threats such as AI-powered attacks, enterprises must be fully prepared and confident about protecting themselves and their customers and build a unified security operations center (SOC) that combines human expertise with AI advancements.

A new report from Splunk looks at the mounting challenges faced by SOCs. It uncovers the pain points that hamper organizations and open their doors to threats -- 46 percent of respondents say they spend more time maintaining tools than defending the organization, while only 11 percent trust AI completely for mission-critical tasks. Furthermore, 66 percent experienced a data breach in the past year, making it the most common security incident.

Continue reading →

The threat landscape is rapidly changing and businesses can no longer simply wait for an attack to be caught by traditional tools or decide how to respond after it occurs.

Mike Mitchell, VP of threat intelligence at Intel 471, has experienced the evolution of threat hunting first-hand as he's been in the industry for decades. We spoke to him to learn more.

Continue reading →

International bad actors -- like fraudsters from Russia and China -- are driving one in eight fraud attempts in the US, seeking everything from access to government services to loans, according to a new report.

During the pandemic, government agencies were flooded with fraudulent applications that went undetected by outdated methods. This study from Socure shows AI-powered technologies are enabling fraudsters to supercharge their efforts, hitting government agencies and commercial entities at once, with relentless speed, and at scale.

Continue reading →

A new study from Comparitech, based on data collected from 2,600 attacks between 2018 and 2023, shows the average time for a US company to report a data breach following a ransomware attack is 4.1 months.

From 2018 to 2023, the average time to report a ransomware breach has increased, rising from 2.1 months in 2018 to just over five months in 2023. Healthcare has the lowest reporting time with 3.7 months, while businesses (4.2 months) and government entities (4.1 months) are similar.

Continue reading →

New research shows that one in 10 prompt injection atempts against GenAI systems manage to bypass basic guardrails. Their non-deterministic nature also means failed attempts can suddenly succeed, even with identical content.

AI security company Pangea ran a Prompt Injection Challenge in March this year. The month-long initiative attracted more than 800 participants from 85 countries who attempted to bypass AI security guardrails across three virtual rooms with increasing levels of difficulty.

Continue reading →

Cloud security company Sysdig has announced the donation of Stratoshark, the company's open source cloud forensics tool, to the Wireshark Foundation.

This move is aimed at fostering innovation within the community, building in the open, and pushing security forward with advanced tools that better understand cloud-native environments.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

Continue reading →

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. The number of publicly disclosed victims also saw a 24 percent increase from the previous year.

A new report from Black Kite shows this follows a steep rise in the previous period with an 81 percent surge, amounting to a 123 percent increase over two years. Ransomware was responsible for 67 percent of known third-party breaches.

Continue reading →

Although 99 percent of organizations responding to a new survey suffered a security incident tied to human error in the past year, the majority state that they struggle to implement effective, scalable security awareness training (SAT) programs that reduce this risk.

The study from Abnormal AI of over 300 security and IT leaders in the US and UK finds that SAT is widely adopted, with 75 percent of organizations requiring employees to complete training at least quarterly.

Continue reading →

On today's International Anti-Ransomware Day, cybersecurity company SentinelOne has publishes a blog looking at on how ransomware has evolved over the past 10 years.

It highlights how Ransomware-as-a-Service (RaaS) has matured into a scalable, profit-driven model, with revenue-sharing, affiliate recruitment, and performance incentives fuelling rapid expansion across the cybercrime ecosystem.

Continue reading →

Only four percent of organizations worldwide have achieved the 'mature' level of readiness required to effectively withstand today's cybersecurity threats, even as hyperconnectivity and AI introduce new complexities for security practitioners.

The latest Cybersecurity Readiness Index from Cisco shows 86 percent of organizations faced AI-related security incidents last year. However, only 49 percent of respondents are confident their employees fully understand AI related threats, and 48 percent believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks.

Continue reading →

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.

Continue reading →

Thanks to a growth in remote working and the use of SaaS applications enterprise reliance on browsers is growing, but this leaves them open to risks stemming from dangerous employee web behavior.

According to a cybersecurity expert at network security platform NordLayer, some employee activity that may go undetected by security teams can result in confidential data and industry secrets leaks or violations of GDPR.

Continue reading →

The latest State of Pentesting report from Pentera reveals that over 50 percent of enterprise CISOs now report using software-based pentesting to support their in-house testing practices.

Based on research conducted by Global Surveyz, the report notes that 50 percent of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.

Continue reading →