Articles about cybersecurity

Only a fool still uses Windows 7

There was a time when Windows 7 was the gold standard. The operating system was fast, stable, and dependable. Quite frankly, it was very beautiful too. But that time is long gone. In 2025, sticking with Windows 7 isn’t just quirky or nostalgic, folks, it’s downright reckless.

Look, Microsoft officially pulled the plug on Windows 7 security updates back in January 2020. That’s like an eternity in the computing world. Since then, the operating system has been vulnerable to known exploits with no patches in sight. Running it today is like leaving your front door wide open for criminals with a sign that says, “Come on in.”

AI lowers the barrier to entry for cybercriminals

We all know that businesses are facing a raft of more sophisticated cyberthreats, partly driven by AI. We also know that there can be an impact beyond the financial in terms of damage to reputation and loss of customers.

A new report from cyber insurance specialist Hiscox reveals that 67 percent of organizations report an increase in attacks and 34 percent of firms have compromised cybersecurity measures due to lack of expertise in managing emerging tech risks.

Why non-human identities are a security priority

Non-human identities (NHIs) -- such as service accounts, tokens, API keys, and workloads -- are exploding in volume, now outnumbering humans 50 to one, but they remain under-observed, under-protected, and dangerously over-privileged.

New data from identity security platform Silverfort shows 40 percent of cloud NHIs do not have an owner. These accounts are often excluded from proper lifecycle management, leaving them unobserved, unprotected, and open to abuse.

New tool helps organizations ignore CVEs

Ignoring vulnerabilities and exposures may not seem like a good idea, but conventional strategies rely heavily on vulnerability severity (CVSS) and exploitability indicators (EPSS), which ignore whether vulnerabilities are exploitable or already mitigated by existing defenses in a specific organization.

More than 40,000 new CVEs were disclosed in 2024, of which 61 percent were labeled as high or critical, but they won't all be a risk to every business. A new tool from Picus Security allows security teams to verify the exploitability of vulnerabilities and determine which pose real-world risks based on their unique environments.

Critical vulnerabilities found across all cloud providers

A new report from CyCognito highlights critical security vulnerabilities across cloud-hosted material, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets.

Though uncommon, critical vulnerabilities (CVSS 9.0 or higher) have been detected on assets hosted by all cloud providers, with assets hosted by Azure showing a slightly higher percentage (0.07 percent) compared to assets hosted by AWS and Google Cloud (0.04 percent).

Free open-source Woodpecker aims to make red-teaming more accessible

Runtime AI defense platform Operant AI is launching Woodpecker, an open-source, automated red teaming engine, that isn't for the birds but aims to make advanced security testing accessible to organizations of all sizes.

As organizations increasingly adopt complex cloud-native applications and AI technologies, security vulnerabilities have become more sophisticated and challenging to detect. Woodpecker is designed to help organizations proactively detect and address security vulnerabilities across AI systems, Kubernetes environments, and APIs.

AI adoption accelerates security risks in hybrid cloud

Hybrid cloud infrastructure is under mounting strain from the growing influence of artificial intelligence, according to a new report.

The study, from observability specialist Gigamon, of over 1,000 global security and IT leaders, shows breach rates have surged to 55 percent during the past year, representing a 17 percent year-on-year rise, with AI-generated attacks emerging as a key driver of this growth.

How failure to identify AI risks can lead to unexpected legal liability [Q&A]

Use of generative AI is becoming more common, but this comes with a multitude of inherent risks, security and data privacy being the most immediate. Managing these risks may seem daunting; however, there is a path to navigate through them, but first you have to identify what they are.

We talked to Robert W. Taylor, Of Counsel with Carstens, Allen & Gourley, LLP to discuss how a failure to identify all the relevant risks can leave businesses open to unexpected legal liabilities.

Yubico helps more enterprises go passwordless

Hardware authentication company Yubico is announcing the expanded availability of YubiKey as a Service to all countries in the European Union (EU). This allows organizations to be more agile and flexible in their adoption of phishing-resistant YubiKeys.

It's also announced the greater availability of YubiEnterprise Delivery across 117 new locations around the world. This makes it available in 199 locations (175 countries and 24 territories) and more than doubles existing delivery coverage of YubiKeys to both office and remote users in a fast and turnkey way.

Threat intelligence is crucial but organizations struggle to use it

While 92 percent of respondents to a new survey say collaboration and information sharing are either 'absolutely crucial' or 'very important' in the fight against cyber threats, the results tell a different story when it comes to the adoption of this practice.

The study from Cyware, conducted among cybersecurity professionals at the RSA Conference 2025, finds only 13 percent say their current automation between cyber threat intelligence (CTI) and SecOps tools is working well. Nearly 40 percent say they struggle to coordinate data across critical security tools like Threat Intelligence Platforms (TIPs), SIEMs, and vulnerability management platforms.

AI-powered threats highlight the need for a unified approach to SOCs

With new threats such as AI-powered attacks, enterprises must be fully prepared and confident about protecting themselves and their customers and build a unified security operations center (SOC) that combines human expertise with AI advancements.

A new report from Splunk looks at the mounting challenges faced by SOCs. It uncovers the pain points that hamper organizations and open their doors to threats -- 46 percent of respondents say they spend more time maintaining tools than defending the organization, while only 11 percent trust AI completely for mission-critical tasks. Furthermore, 66 percent experienced a data breach in the past year, making it the most common security incident.

Why threat hunting is more vital than ever [Q&A]

The threat landscape is rapidly changing and businesses can no longer simply wait for an attack to be caught by traditional tools or decide how to respond after it occurs.

Mike Mitchell, VP of threat intelligence at Intel 471, has experienced the evolution of threat hunting first-hand as he's been in the industry for decades. We spoke to him to learn more.

International fraudsters target US government programs

International bad actors -- like fraudsters from Russia and China -- are driving one in eight fraud attempts in the US, seeking everything from access to government services to loans, according to a new report.

During the pandemic, government agencies were flooded with fraudulent applications that went undetected by outdated methods. This study from Socure shows AI-powered technologies are enabling fraudsters to supercharge their efforts, hitting government agencies and commercial entities at once, with relentless speed, and at scale.

Companies take an average of four months to report a ransomware attack

A new study from Comparitech, based on data collected from 2,600 attacks between 2018 and 2023, shows the average time for a US company to report a data breach following a ransomware attack is 4.1 months.

From 2018 to 2023, the average time to report a ransomware breach has increased, rising from 2.1 months in 2018 to just over five months in 2023. Healthcare has the lowest reporting time with 3.7 months, while businesses (4.2 months) and government entities (4.1 months) are similar.

GenAI vulnerable to prompt injection attacks

New research shows that one in 10 prompt injection attempts against GenAI systems manage to bypass basic guardrails. Their non-deterministic nature also means failed attempts can suddenly succeed, even with identical content.

AI security company Pangea ran a Prompt Injection Challenge in March this year. The month-long initiative attracted more than 800 participants from 85 countries who attempted to bypass AI security guardrails across three virtual rooms with increasing levels of difficulty.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved.