Articles about cybersecurity

Cloud security company Sysdig has announced the donation of Stratoshark, the company's open source cloud forensics tool, to the Wireshark Foundation.

This move is aimed at fostering innovation within the community, building in the open, and pushing security forward with advanced tools that better understand cloud-native environments.

Continue reading →

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

Continue reading →

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

Continue reading →

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. The number of publicly disclosed victims also saw a 24 percent increase from the previous year.

A new report from Black Kite shows this follows a steep rise in the previous period with an 81 percent surge, amounting to a 123 percent increase over two years. Ransomware was responsible for 67 percent of known third-party breaches.

Continue reading →

Although 99 percent of organizations responding to a new survey suffered a security incident tied to human error in the past year, the majority state that they struggle to implement effective, scalable security awareness training (SAT) programs that reduce this risk.

The study from Abnormal AI of over 300 security and IT leaders in the US and UK finds that SAT is widely adopted, with 75 percent of organizations requiring employees to complete training at least quarterly.

Continue reading →

On today's International Anti-Ransomware Day, cybersecurity company SentinelOne has publishes a blog looking at on how ransomware has evolved over the past 10 years.

It highlights how Ransomware-as-a-Service (RaaS) has matured into a scalable, profit-driven model, with revenue-sharing, affiliate recruitment, and performance incentives fuelling rapid expansion across the cybercrime ecosystem.

Continue reading →

Only four percent of organizations worldwide have achieved the 'mature' level of readiness required to effectively withstand today's cybersecurity threats, even as hyperconnectivity and AI introduce new complexities for security practitioners.

The latest Cybersecurity Readiness Index from Cisco shows 86 percent of organizations faced AI-related security incidents last year. However, only 49 percent of respondents are confident their employees fully understand AI related threats, and 48 percent believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks.

Continue reading →

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.

Continue reading →

Thanks to a growth in remote working and the use of SaaS applications enterprise reliance on browsers is growing, but this leaves them open to risks stemming from dangerous employee web behavior.

According to a cybersecurity expert at network security platform NordLayer, some employee activity that may go undetected by security teams can result in confidential data and industry secrets leaks or violations of GDPR.

Continue reading →

The latest State of Pentesting report from Pentera reveals that over 50 percent of enterprise CISOs now report using software-based pentesting to support their in-house testing practices.

Based on research conducted by Global Surveyz, the report notes that 50 percent of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.

Continue reading →

New analysis by Comparitech shows that government entities remain a frequent target for ransomware gangs.

Of the 39 confirmed attacks -- where the organization publicly acknowledges what's happened -- in April, 21 were on businesses, nine on government entities, six on healthcare companies and three on educational institutions.

Continue reading →

As you'll already know, today is World Passkey Day and the FIDO Alliance has released an independent study of over 1,300 consumers across the US, UK, China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The results are encouraging, they find 74 percent of consumers are aware of passkeys and 69 percent have enabled passkeys on at least one of their accounts.

Continue reading →

The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.

As of last year though there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?

Continue reading →

Organizations are often using 50 or more different security tools and, even with the help of AI, they need to manually interact with each when investigating cybersecurity incidents.

A new SaaS security Model Context Protocol (MCP) server launched by AppOmni at this week's RSA Conference is designed to let security teams spend less time investigating incidents and more time taking action to fix them.

Continue reading →

A new AI security report from Check Point Software shows how cybercriminals are co-opting generative AI and large language models (LLMs) in order to damage trust in digital identity.

At the heart of these developments is AI's ability to convincingly impersonate and manipulate digital identities, dissolving the boundary between authentic and fake.

Continue reading →