cybersecurity

Traditional vulnerability assessment falls short on third-party risks

As organizations increasingly rely on third-party vendors, open-source components, and cloud services to bolster efficiency and scalability, they also open themselves to risks.

Historically they've relied on CVSS scores to measure the severity of risks, but a new report from Black Kite suggests that this method alone is not enough.

By Ian Barker -

Google launches Sec-Gemini v1 AI model to improve cybersecurity defense

Google is once again leaning into its Gemini brand, this time with a focus on cybersecurity. You see, the search giant has announced Sec-Gemini v1, an experimental new AI model. It is designed to help security professionals fight back against cyber threats using real-time data and advanced reasoning. Because AI makes everything better, right?

Look, folks, attackers only need to get lucky once, while defenders have to be right every time. That unfortunate imbalance has made cybersecurity a nightmare for many organizations. Google is hoping AI might change that, giving defenders a slight edge.

By Brian Fagioli -

AI is now better than humans at phishing

A new report from AI training company Hoxhunt reveals that AI agents can successfully create more effective simulated mass phishing campaigns than elite human red teams can.

Hoxhunt has been tracking the effectiveness of AI phishing since 2023, when AI was 31 percent less effective than humans. By November 2024, AI was 10 percent less effective than humans via development of Hoxhunt's AI spear phishing agent. As of March 2025, though, AI is now 24 percent more effective than human red teams.

By Ian Barker -

Visa turns to AI to help cut fraud

With fraud on the increase and more sophisticated attack methods being used, payments company Visa is turning to AI to help businesses and financial institutions fight back.

It's introducing ARIC Risk Hub, developed by Featurespace -- a company recently acquired by Visa -- which uses adaptive AI to build profiles around genuine customer activity making it easier to spot suspicious actions.

By Ian Barker -

Cyberattacks on utilities pose risk to public safety

A new survey of 350 UK and US utility operators reveals that 62 percent of water, water treatment and electricity companies have been affected by cyberattacks in the last 12 months.

The study from Semperis finds that nearly 60 percent of attacks were carried out by nation-state groups.

By Ian Barker -

AI contributes to a more complex privacy landscape

Despite many organizations reporting significant business gains from using GenAI, data privacy is still a major risk. Notably, 64 percent of respondents to a new survey worry about inadvertently sharing sensitive information publicly or with competitors, yet nearly half admit to inputting personal employee or non-public data into GenAI tools.

The latest Data Privacy Benchmark Study from Cisco, with input from 2,600 privacy and security professionals across 12 countries, shows an increased focus on investing in AI governance processes. An overwhelming 99 percent of respondents anticipate reallocating resources from privacy budgets to AI initiatives in the future.

By Ian Barker -

Politically motivated DDoS attacks target critical infrastructure

Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to socio-political events such as elections, civil protests and policy disputes, according to the latest DDoS Threat Intelligence Report from NetScout.

Throughout the year, DDoS attacks have been intricately tied to social and political events, including Israel experiencing a 2,844 percent surge linked to hostage rescues and political conflicts, Georgia enduring a 1,489 percent increase during the lead-up to the passage of the 'Russia Bill', and Mexico having a 218 percent increase during national elections.

By Ian Barker -

What NIS2 implementation means for enterprises [Q&A]

As cyberattacks across sectors continue to rise, businesses face pressure to enhance their security postures amid budget restraints and operational challenges.

In the EU, the new Network and Information Security Directive (NIS2) is making it mandatory for companies in Europe -- and those doing business with Europe -- to not only invest in cybersecurity, but to prioritize it regardless of budgets and team structures.

By Ian Barker -

Lookalike domains used to boost effectiveness of email scams

Lookalike domains, crafted to closely resemble authentic domains, enable a wide range of deceptive activities. By sending emails that appear to originate from trusted sources, attackers can effectively conduct a variety of scams from phishing and social engineering attacks to invoice fraud.

A new report from BlueVoyant looks at how cybercriminals encourage their victims to click on lookalike domains, whilst highlighting the critical need for vigilance and proactive measures to counteract these threats.

By Ian Barker -

Software supply chain threats increase in the AI era

Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

By Ian Barker -

World Backup Day -- your annual reminder that you need to look after your data

Today -- which of course you knew already -- is World Backup Day, an idea that began in 2011 as a reminder from a group of Reddit users who had seen too many people lose their important files. They deliberately picked the day before April Fool's to get across that you'd be a fool not to back up your data.

Although it started as a bit of a joke, it's become a useful reminder that backups are important, and figures in the industry now see it as good for raising awareness. Here's what some of them think.

By Ian Barker -

What businesses miss when protecting their data [Q&A]

No business is immune from the threat of cyberattack, but when it comes to protecting their most critical and sensitive data, many feel they are inadvertently helping attackers by leaking information.

We spoke to Paul Laudanski, director of security research at Onapsis, to learn about the most common errors and how to guard against them.

By Ian Barker -

Over 60 percent of malicious traffic targets retailers ahead of PCI DSS 4.0 deadline

As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

By Ian Barker -

Navigating Linux security and management in a multi-OS landscape [Q&A]

While Windows remains the most targeted operating system, Linux, once regarded as 'secure by default', has now emerged as the second-most infected OS, according to the 2024 Elastic Global Threat Report.

Linux's expanding use beyond servers has broadened its attack surface. Plus, its open-source nature, while great for developers, can also lead to mistakes and security holes. We spoke to Apu Pavithran, founder and CEO of Hexnode, to find out more about why Linux is being targeted and how it can be defended.

By Ian Barker -

Psst, wanna be a fraudster? Ordinary consumers are being lured into cybercrime

A new report from Sift reveals an alarming democratization of cybercrime, with 34 percent of consumers seeing offers to participate in payment fraud online, an 89 percent increase over 2024.

The report details how fraudsters openly advertise and sell stolen payment information and fraud services on social media platforms and deep web forums like Telegram, significantly lowering the barrier to entry for anyone to participate in fraudulent activities.

By Ian Barker -

© 1998-2025 BetaNews, Inc. All Rights Reserved.