As you'll already know, today is World Passkey Day and the FIDO Alliance has released an independent study of over 1,300 consumers across the US, UK, China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The results are encouraging, they find 74 percent of consumers are aware of passkeys and 69 percent have enabled passkeys on at least one of their accounts.

Continue reading →

The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.

As of last year though there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?

Continue reading →

Organizations are often using 50 or more different security tools and, even with the help of AI, they need to manually interact with each when investigating cybersecurity incidents.

A new SaaS security Model Context Protocol (MCP) server launched by AppOmni at this week's RSA Conference is designed to let security teams spend less time investigating incidents and more time taking action to fix them.

Continue reading →

A new AI security report from Check Point Software shows how cybercriminals are co-opting generative AI and large language models (LLMs) in order to damage trust in digital identity.

At the heart of these developments is AI's ability to convincingly impersonate and manipulate digital identities, dissolving the boundary between authentic and fake.

Continue reading →

According to a new study, 79 percent of respondents say their organization is making changes to its cybersecurity budget. Of these, 71 percent say their security budgets are increasing, with the average budget at $24 million.

However, the report from Optiv, with research by the Ponemon Institute, also shows 66 percent of the more than 600 respondents report cybersecurity incidents have increased in the past year, up from 61 percent in 2024.

Continue reading →

Although 63 percent of organizations claim their architecture is integrated throughout development (from design to deployment and beyond), a new study shows more than half (56 percent) have documentation that doesn't match the architecture in production.

The research from vFunction shows the impact of this architecture disconnect has potentially resulted in project delays (53 percent), security or compliance challenges (50 percent), scalability limitations (46 percent), and reduced engineering team productivity (28 percent).

Continue reading →

A new survey of nearly 1,500 IT, engineering, and cybersecurity professionals worldwide reveals that 69 percent say maintaining data security and compliance is a top data management obstacle.

Not far behind is managing data volume and growth, cited by 67 percent. The research from Splunk shows 62 percent of respondents claim that difficulties with data management resulted in compliance failures.

Continue reading →

New research highlights the growing threat of identity-based attacks and looks at organizations ability to defend against them.

The study from Huntress shows 67 percent of organizations reported an increase in identity-based incidents over the past three years, with these attacks comprising more than 40 percent of security incidents for 35 percent of organizations in the past year alone.

Continue reading →

When used legitimately, HTML attachments in emails enable organizations to share content, such as newsletters or invitations, that display properly when opened in an email client or web browser.

But a new report from Barracuda reveals that 23 percent of HTML attachments are malicious, making them the most weaponized text file type. Overall more than three-quarters of the malicious files detected overall were HTML, and 24 percent of email messages overall are now unwanted or malicious spam.

Continue reading →

Mobile threats are no longer an emerging issue, they're here, rapidly evolving, and targeting the devices organizations depend on every day.

As employees use smartphones, laptops, and tablets to access sensitive data and systems, a new report from Zimperium zLabs shows attackers are increasingly exploiting these endpoints through mobile-first strategies that bypass traditional security defenses.

Continue reading →

A new report from managed security services company LevelBlue reveals that organizations are forging ahead with AI innovations despite increased security concerns.

The report shows AI-powered attacks, such as deepfakes and synthetic identity attacks, are expected to rise in 2025, but many remain unprepared. The report finds that only 29 percent of executives say they are prepared for AI-powered threats, despite nearly half (42 percent) believing they will happen.

Continue reading →

A new survey of 1,000 businesses across the UK, UK, Europe and the Asia-Pacific region reveals a worrying disconnect between organizations' perceived readiness and actual performance in cyber crisis response.

The study for Semperis, with research from Censuswide, finds 90 percent of enterprises surveyed struggle with serious blockers to effective cyber response. Top issues include cross-team communication gaps (48 percent), out-of-date response plans (45 percent) and unclear roles and responsibilities (41 percent).

Continue reading →

As artificial intelligence (AI) continues to reshape industries, data privacy and security concerns are escalating. The rapid growth of AI applications presents new challenges for companies in safeguarding sensitive information.

Emerging advanced AI models like Deepseek, developed outside the US, underscore the risks of handling critical data. We spoke to Amar Kanagaraj, CEO of Protecto -- a data guardrail company focused on AI security and privacy -- to get his insights on the most pressing AI data protection challenges.

Continue reading →

Security teams know they need to test their main applications, but they often struggle to identify which other assets to cover. On average, organizations can miss testing nine out of 10 of their complex web apps.

Security testing platform Detectify is announcing the launch of its new Asset Classification and Scan Recommendations capabilities which enable organizations to easily identify and swiftly act on their complex web applications.

Continue reading →

Most Linux users assume their security tools will catch bad actors before damage is done -- but sadly, new research suggests that confidence may be misplaced. You see, ARMO, the company behind Kubescape, has uncovered what could be one of the biggest blind spots in Linux security today. The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors. The problem? Attackers can completely sidestep these monitored calls by leaning on io_uring instead. This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Continue reading →