Articles about cybersecurity

A new report from Illumio, based on a survey of over 1,100 IT and cybersecurity decision makers, finds that almost 90 percent of leaders have detected a security incident involving lateral movement within the past 12 months.

Each incident involving lateral movement resulted in a global average of over seven hours of downtime. Alert fatigue, along with limited and fragmented visibility, especially across hybrid environments, are two of the top challenges to detecting lateral movement.

Continue reading →

A new survey of more than 1,400 education leaders across primary, secondary and higher education in the UK and US finds that while AI is already integrated into classrooms and faculty work, development of policies and protections needed to manage new risks in schools is lagging.

The study from Keeper Security shows 41 percent of schools have experienced AI-related cyber incidents, including phishing campaigns and misinformation, while nearly 30 percent reported instances of harmful AI content, such as deepfakes created by students.

Continue reading →

The rapid adoption of artificial intelligence (AI) is transforming both attack and defense according to a report released today by crowdsourced security platform HackerOne.

It finds that organizations have expanded their AI program adoption by 270 percent this year, while HackerOne’s platform reported a 540 percent surge in prompt injection vulnerabilities to make them the fastest-growing threat in AI security.

Continue reading →

A new report from Ping Identity finds that 68 percent of consumers are now using AI, up from 41 percent a year ago. But at the same time fewer than one in five (17 percent) say they have ‘full trust’ in the organizations that manage their identity data.

The findings of the study, carried out by Talker Research which interviewed 10,500 consumers across 11 countries, show that 75 percent say they are more concerned about personal data security than five years ago. In addition 39 percent cite AI-driven phishing as the modern scam that concerns them most.

Continue reading →

As White House Executive Orders, NIST mandates, and international deadlines accelerate the push toward post-quantum encryption, the clock is ticking for organizations still grappling with cryptographic debt.

We spoke to Dave Krauthamer, co-founder and field CTO at QuSecure, to learn more about emerging threats, compliance mandates, and mitigation frameworks for organizations looking to get ahead of the coming disruption.

Continue reading →

While businesses continue to depend on email for mission-critical communication, a new report issued by email signature management specialist Exclaimer reveals they're struggling to secure and govern this most essential channel.

The survey of over 4,000 global IT leaders, including 1,000 in the US, and exposes a critical gap: while 86 percent of US IT leaders say more than half of their business communication flows through email, the infrastructure supporting it hasn't kept pace with modern security and governance demands.

Continue reading →

A new survey reveals that 44 percent of all participants admit to having interacted with a phishing message in the last year. Gen Z stands out as the most susceptible demographic, with 62 percent reporting engagement with a phishing scam in the past year, significantly higher than other age groups.

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across nine countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the UK and the US. It explored individuals’ cybersecurity habits in both their workplace and personal lives.

Continue reading →

New research from NowSecure tested 50,000 mobile apps in August and finds over 77 percent contain common forms of PII.

It’s well known that the vast majority of mobile apps are built using third-party components like SDKs. The study finds that 98 percent of iOS apps have incomplete privacy manifests due to omissions relating to third-party components, violating Apple transparency requirements and creating major blind spots.

Continue reading →

It’s inevitable that different parts of the enterprise will pull in different directions. This is particularly true when it comes to the IT world where operational teams like the SOC tend to focus on operational resilience while management and the boardroom worry about compliance.

We talked to Kyle Wickert, field chief technology officer of AlgoSec, about how IT pros can balance the compliance demands of the C-suite while maintaining security across sprawling hybrid environments.

Continue reading →

A new survey from OpenText Cybersecurity reveals that MSPs find AI as both a driver of growth and source of new challenges as as demand for scalable, integrated tools continues to rise.

In 2024, 93 percent of MSPs and managed security service providers (MSSPs) said AI interest would drive growth in their business that year. That trend has carried forward to this year, with 92 percent of MSPs now reporting business growth driven by interest in AI, and 96 percent expecting AI to drive business growth this year.

Continue reading →

The latest Radar report from Gcore finds DDoS attacks have reached unprecedented scale and disruption in 2025, and businesses need to act fast to protect themselves from this evolving threat.

Attack volumes increased by 41 percent compared to Q1-Q2 of 2024, evidencing dangerous long term growth trends predicted in prior Radar reports.  The largest attack peaked at 2.2 Tbps in Q1-Q2, surpassing the 2 Tbps peak recorded in late 2024.

Continue reading →

Vibe coding is currently all the rage, with more than 97 percent of respondents to a survey earlier this year reporting having used AI coding tools at work.

The adoption of these tools only continues to grow but it comes with a catch, attackers are also employing the same techniques. We spoke to Pieter Danhieux, co-founder and CEO of Secure Code Warrior, to discuss how vibe coding is redefining the software development landscape, how malicious actors are also leveraging this technology and the need for organizations to implement secure by design strategies from the outset.

Continue reading →

A new report from Fortinet reveals that despite organizations increasing their data security budgets by 72 percent last year, insider-driven data incidents continue to surge, with 77 percent of companies experiencing at least one breach in the past 18 months.

The study, conducted with Cybersecurity Insiders, exposes a critical disconnect, while security leaders are adopting smarter strategies and securing stronger funding, traditional data loss prevention (DLP) tools are failing to protect against today's sophisticated threats in cloud-heavy, distributed work environments.

Continue reading →

A new report from AI-powered managed extended detection and response company Ontinue shows a sharp rise in MFA-bypassing identity attacks in the first half of the year.

These attacks are using token replay abuse with roughly 20 percent of live incidents involving adversaries reusing stolen refresh tokens to bypass MFA, even after password resets.

Continue reading →

There’s been an 88 percent increase in hardware vulnerabilities amid a proliferation of IoT devices, and 81 percent of security researchers have encountered new hardware vulnerabilities in the past 12 months.

New attack vectors and often forgotten targets like APIs and hardware are vulnerable and should be a key focus for CISOs today according to a new report from crowdsourced security company Bugcrowd, which shows organizations face growing challenges as applications go through multiple development cycles under pressure to release features quickly, often aided by AI-assisted coding.

Continue reading →