cybersecurity


GenAI vulnerable to prompt injection attacks

New research shows that one in 10 prompt injection attempts against GenAI systems manage to bypass basic guardrails. The non-deterministic nature of these systems also means failed attempts can suddenly succeed, even with identical content.

AI security company Pangea ran a Prompt Injection Challenge in March this year. The month-long initiative attracted more than 800 participants from 85 countries who attempted to bypass AI security guardrails across three virtual rooms with increasing levels of difficulty.

By Ian Barker -

Stratoshark has been donated to the Wireshark Foundation to boost open source cloud security

Cloud security company Sysdig has announced the donation of Stratoshark, the company's open source cloud forensics tool, to the Wireshark Foundation.

This move is aimed at fostering innovation within the community, building in the open, and pushing security forward with advanced tools that better understand cloud-native environments.

By Ian Barker -

AI leads to a new phishing threat every 42 seconds

AI-powered phishing campaigns are bypassing traditional defenses as threat actors flood inboxes with polymorphic phishing, spoofed brands, and new malware families.

New research from the Cofense Phishing Defense Center (PDC) has tracked one malicious email every 42 seconds. Many of these were part of polymorphic phishing attacks that mutate in real-time in order to bypass traditional filters.

By Ian Barker -

AppSec is critical to software purchasing decisions

A new survey of 200 chief information security officers (CISOs) from across diverse industries and regions finds that 49 percent of CISOs say buyers now factor application security (AppSec) into their purchasing decisions.

The study from Checkmarx shows 24 percent say that application security is 'always' a factor in those decisions. This trend is most pronounced in Europe, where 58 percent of respondents report that security is always a factor, compared to 33 percent in the Asia Pacific region and only eight percent in North America.

By Ian Barker -

Ransomware attacks up over 120 percent in two years

Between April 2024 and March 2025, ransomware attacks escalated with unpredictable campaigns across a wide range of industries. The number of publicly disclosed victims also saw a 24 percent increase from the previous year.

A new report from Black Kite shows this follows a steep rise in the previous period with an 81 percent surge, amounting to a 123 percent increase over two years. Ransomware was responsible for 67 percent of known third-party breaches.

By Ian Barker -

Security awareness training programs fall short of business needs

Although 99 percent of organizations responding to a new survey suffered a security incident tied to human error in the past year, the majority state that they struggle to implement effective, scalable security awareness training (SAT) programs that reduce this risk.

The study from Abnormal AI of over 300 security and IT leaders in the US and UK finds that SAT is widely adopted, with 75 percent of organizations requiring employees to complete training at least quarterly.

By Ian Barker -

How ransomware became big business

On today's International Anti-Ransomware Day, cybersecurity company SentinelOne has published a blog looking at how ransomware has evolved over the past 10 years.

It highlights how Ransomware-as-a-Service (RaaS) has matured into a scalable, profit-driven model, with revenue-sharing, affiliate recruitment, and performance incentives fuelling rapid expansion across the cybercrime ecosystem.

By Ian Barker -

Cybersecurity readiness stays low as AI attacks increase

Only four percent of organizations worldwide have achieved the 'mature' level of readiness required to effectively withstand today's cybersecurity threats, even as hyperconnectivity and AI introduce new complexities for security practitioners.

The latest Cybersecurity Readiness Index from Cisco shows 86 percent of organizations faced AI-related security incidents last year. However, only 49 percent of respondents are confident their employees fully understand AI-related threats, and 48 percent believe their teams fully grasp how malicious actors are using AI to execute sophisticated attacks.

By Ian Barker -

Majority of cyber insurance ransomware claims are due to BEC

A new report from cyber insurance specialist Coalition finds the majority of 2024 claims (60 percent) originated from business email compromise (BEC) and funds transfer fraud (FTF) incidents, with 29 percent of BEC events resulting in FTF.

Ransomware claims did stabilize in 2024 but they remain the most costly and disruptive type of cyberattack.

By Ian Barker -

Employee browser activity creates a security blindspot

Thanks to growth in remote working and the use of SaaS applications, enterprise reliance on browsers is growing, but this leaves enterprises open to risks stemming from dangerous employee web behavior.

According to a cybersecurity expert at network security platform NordLayer, some employee activity that may go undetected by security teams can result in leaks of confidential data and industry secrets or violations of GDPR.

By Ian Barker -

Enterprises shift to software-based pentesting

The latest State of Pentesting report from Pentera reveals that over 50 percent of enterprise CISOs now report using software-based pentesting to support their in-house testing practices.

Based on research conducted by Global Surveyz, the report notes that 50 percent of CISOs now identify software-based testing as a primary method for uncovering exploitable security gaps within their organizations.

By Ian Barker -

Ransomware attacks against government agencies on the rise

New analysis by Comparitech shows that government entities remain a frequent target for ransomware gangs.

Of the 39 confirmed attacks -- where the organization publicly acknowledges what's happened -- in April, 21 were on businesses, nine on government entities, six on healthcare companies and three on educational institutions.

By Ian Barker -

Research confirms consumers are turning to passkeys to protect their accounts

As you'll already know, today is World Passkey Day and the FIDO Alliance has released an independent study of over 1,300 consumers across the US, UK, China, South Korea, and Japan to understand how passkey usage and consumer attitudes towards authentication have evolved.

The results are encouraging: they find 74 percent of consumers are aware of passkeys and 69 percent have enabled passkeys on at least one of their accounts.

By Ian Barker -

Move over passwords -- every verification method has its day

The first day of May has numerous competitors for its patronage. It's May Day, of course, and it's International Labor Day, and apparently it's Global Love Day. Since 2013 it's also been World Password Day -- created by Intel to highlight concerns around digital security.

As of last year though there's been further competition from the upstart World Passkey Day. So are we finally seeing a serious challenge to the dominance of passwords as an authentication method?

By Ian Barker -

New MCP server uses AI to help enterprises secure SaaS

Organizations are often using 50 or more different security tools and, even with the help of AI, they need to manually interact with each when investigating cybersecurity incidents.

A new SaaS security Model Context Protocol (MCP) server launched by AppOmni at this week's RSA Conference is designed to let security teams spend less time investigating incidents and more time taking action to fix them.

By Ian Barker -

© 1998-2025 BetaNews, Inc. All Rights Reserved.