cybersecurity

The latest Threat Insights Report from HP Threat Research reveals how attackers are refining campaigns with professional-looking animations and purchasable malware services.

The report provides an analysis of real-world cyberattacks, helping organizations keep up with the latest techniques cybercriminals use to evade detection and breach PCs in the fast-changing cybercrime landscape.

With attackers moving faster using AI tools and attack surfaces growing more complex, security teams need solutions that remove manual work, deliver secure, context-aware intelligence instantly, and help them shift toward a pre-emptive security model.

This is why Bugcrowd is launching new functionality in the form of Bugcrowd AI Triage Assistant and Bugcrowd AI Analytics, to bring unprecedented speed and intelligence and insights to the process of building security resilience.

Data that was once scattered across sprawling systems and silos -- providing natural obstacles to attackers -- is now concentrated and highly portable within AI models. This fundamental shift redefines the challenge of digital security.

We spoke to Dr. Luigi Caramico, CTO and co-founder of DataKrypto, to discuss how organizations can repond to this challenge.

A new report reveals an increasing disconnect between cybersecurity and compliance priorities and organizational capacity to address them.

The study from Secureframe, based on a survey of 255 security, compliance, and IT professionals, finds security teams are carrying unprecedented responsibility with insufficient resources, manual compliance work is consuming critical time, and the absence of verifiable security credentials is directly impacting revenue.

A new identity fraud report from AU10TIX looks at how fraud is shifting from isolated attempts to adaptive, self-optimizing systems, and the need for early-warning intelligence to reshape the future of fraud prevention amid rapid advances in artificial intelligence and quantum computing.

“Fraud is no longer a static event; it’s a living signal moving through networks and devices,” says Yair Tal, CEO of AU10TIX. “At AU10TIX, we see the daily challenges our customers face as fraud evolves faster than ever. Our mission is to protect them, not just by responding to attacks, but by anticipating them. Our early-warning system helps ensure their businesses stay one step ahead, detecting risk before truth starts to drift.”

The latest Cyber Threat Intelligence Report from Hoxhunt looks at the quantity and quality of threats that bypass firewalls and email filters.

It finds attackers are improving their techniques to create more credible threats which are more likely to slip past defenses. Phishing techniques are improving with cleaner language, more convincing formatting and more believable workflow mimicry.

Security analysts want to capture more events in order to spot threats earlier which requires more detection rules. But doing so risks driving up alert volumes leading to issues with alert fatigue.

The solution is automation which can be used to increase the throughput of alerts and the threat intelligence around these, creating a ‘paranoid’ form of posture management. We talked to Martin Jakobsen, CEO of Cybanetix, to learn more about how this works.
 
BN: What is ‘paranoid posture management’? What does this mean in practice, and how does automation help enable it?
 
MJ: A massive problem for security monitoring is that Security Operation Centres (SOCs) can become overwhelmed by the sheer volume of alerts, as a consequence of which a lot of SOCs end up either ignoring or tuning out low severity alerts. The ideal scenario is to have a big red alert when you have a breach, but the reality is that attackers will make initial forays, and that those telltale signs will be missed. If you’re only looking for the obvious indicators of a breach, incident response is already caught on the back foot.

Modern social engineering attacks no longer begin and end in the email inbox. They move across identity platforms, SaaS tools, and collaboration apps, exploiting gaps between disconnected security products, and employing increasingly sophisticated techniques to evade traditional defenses and reach end users.

To address these threats AI cybersecurity specialist Darktrace is launching a series of enhancements to Darktrace / EMAIL designed to detect and stop attacks spanning communications channels, strengthen outbound email protections and streamline SOC integrations.

Previously, a single dominant group tended to define the cybercrime landscape. Now, several actors sustain large-scale operations, with the number of distinct actors nearly tripling from 33 to 89 since 2020.

The latest Security Navigator report from Orange Cyber Defense shows that in Europe, victims of Qilin and Akira have risen by 324 percent and 168 percent respectively.

Organizations face massive mobile security vulnerabilities as they increasingly embrace BYOD and hybrid strategies. At the same time traditional mobile security tools are failing to mitigate these risks while also compromising employee privacy.

A new report from secure virtual mobile infrastructure firm Hypori, based on a survey of 1,000 global security, risk, mobility, and BYOD decision-makers, finds 92 percent of security and risk leaders are facing challenges in zero trust implementation.

Cybersecurity company Surfshark has reviewed popular file-sharing platforms and finds that the majority of them don’t scan your files for viruses, nor do they protect you from malicious software on their free plans.

Box and WeTransfer, which together have a total of 138 million registered users, do not scan for viruses on free plans but begin scanning files on paid plans. Dropbox, with 700 million registered users, does not offer scanning at all.

New research finds just two percent of organizations with 500+ employees report having no plans or interest in agentic AI. Indeed a significant portion of respondents are already using or interfacing with AI agents for both internal and external tasks.

But the study, from Enterprise Management Associates (EMA), reveals a critical, organization-wide inability to prepare for the identity and security challenges which these autonomous entities introduce.

A growing sense of unease is gripping boardrooms as 88 percent of cybersecurity and information security leaders surveyed at UK and US organizations now express concern about state-sponsored cyberattacks.

The research from IO shows organizations are increasingly aware of the strategic nature of cyber risk and that the geopolitical threat is increasing, with 33 percent of organizations surveyed concerned about an expanded threat landscape targeting their own systems.

Modern security operations centers (SOCs) face a perfect storm of complexity: growing alert volumes, fragmented tools, and pressure to respond faster than ever.

Intelligent operations platform Sumo Logic is announcing new advancements to Dojo AI, its enterprise-grade agentic AI platform for security operations to help security teams reduce alert fatigue, accelerate investigations, and streamline security workflows.

In an era where cyber threats are evolving faster than ever, organizations can no longer rely solely on reactive defences. Offensive security, once a niche practice, is now a strategic imperative.

To better understand this shift, we spoke with Scott Reininga, CEO of Reversec, a cybersecurity firm at the forefront of offensive security innovation. He explains why offensive security is becoming essential, how it differs from traditional methods, and what organizations can do to adopt a more proactive stance.