Articles about cybersecurity

A new report from AI training company Hoxhunt reveals that AI agents can successfully create more effective simulated mass phishing campaigns than elite human red teams can.

Hoxhunt has been tracking the effectiveness of AI phishing since 2023 when AI was 31 percent less effective than humans. By November 2024, AI was 10 percent less effective than humans via development of Hoxhunt's AI spear phishing agent. As of March 2025 though AI is now 24 percent more effective than human red teams.

Continue reading →

With fraud on the increase and more sophisticated attack methods being used, payments company Visa is turning to AI to help businesses and financial institutions fight back.

It's introducing ARIC Risk Hub, developed by Featurespace -- a company recently acquired by Visa -- which uses adaptive AI to build profiles around genuine customer activity making it easier to spot suspicious actions.

Continue reading →

A new survey of 350 UK and US utility operators reveals that 62 percent of water, water treatment and electricity companies have been affected by cyberattacks in the last 12 months.

The study from Semperis finds that nearly 60 percent of attacks were carried out by nation-state groups

Continue reading →

Despite many organizations reporting significant business gains from using GenAI, data privacy is still a major risk. Notably, 64 percent of respondents to a new survey worry about inadvertently sharing sensitive information publicly or with competitors, yet nearly half admit to inputting personal employee or non-public data into GenAI tools.

The latest Data Privacy Benchmark Study from Cisco, with input from from 2,600 privacy and security professionals across 12 countries, shows an increased focus on investing in AI governance processes, an overwhelming 99 percent of respondents anticipate reallocating resources from privacy budgets to AI initiatives in the future.

Continue reading →

Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to socio-political events such as elections, civil protests and policy disputes, according to the latest DDoS Threat Intelligence Report from NetScout.

Throughout the year, DDoS attacks have been intricately tied to social and political events, including Israel experiencing a 2,844 percent surge linked to hostage rescues and political conflicts, Georgia enduring a 1,489 percent increase during the lead-up to the passage of the 'Russia Bill', and Mexico having a 218 percent increase during national elections.

Continue reading →

As cyberattacks across sectors continue to rise, businesses face pressure to enhance their security postures amid budget restraints and operational challenges.

In the EU, the new Network and Information Security Directive (NIS2) is making it mandatory for companies in Europe -- and those doing business with Europe -- to not only invest in cybersecurity, but to prioritize it regardless of budgets and team structures.

Continue reading →

Lookalike domains, crafted to closely resemble authentic domains, enable a wide range of deceptive activities. By sending emails that appear to originate from trusted sources, attackers can effectively conduct a variety of scams from phishing and social engineering attacks to invoice fraud.

A new report from BlueVoyant looks at how cybercriminals encourage their victims to click on lookalike domains, whilst highlighting the critical need for vigilance and proactive measures to counteract these threats.

Continue reading →

Managing and securing the software supply chain end-to-end is vital for delivering trusted software releases.

But a new report from JFrog finds emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

Continue reading →

Today -- which of course you knew already -- is World Backup Day, an idea that began in 2011 as a reminder from a group of Reddit users who had seen too many people lose their important files. They deliberately picked the day before April Fool's to get across that you’d be a fool not to backup your data.

Although it started a bit of a joke it's become a useful reminder that backups are important and figures in the industry now see it as good for raising awareness. Here’s what some of them think.

Continue reading →

No business is immune from the threat of cyberattack, but when it comes to protecting their most critical and sensitive data many feel they are inadvertently helping attackers through the leaking information.

We spoke to Paul Laudanski, director of security research at Onapsis, to learn about the most common errors and how to guard against them,

Continue reading →

As we approach the 31st March deadline for compliance with the new PCI DSS 4.0 payment security standard, new data from Cequence Security shows automated fraud is increasing with retailers facing 66.5 percent of all malicious traffic.

Using data from real transactions and attack data from Cequence's Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems.

Continue reading →

While Windows remains the most targeted operating system, Linux, once regarded as 'secure by default', has now emerged as the second-most infected OS, according to the 2024 Elastic Global Threat Report.

Linux's expanding use beyond servers has broadened its attack surface. Plus, its open-source nature, while great for developers, can also lead to mistakes and security holes. We spoke to Apu Pavithran, founder and CEO of Hexnode, to find out more about why Linux is being targeted and how it can be defended.

Continue reading →

A new report from Sift reveals an alarming democratization of cybercrime, with 34 percent of consumers seeing offers to participate in payment fraud online, an 89 percent increase over 2024.

The report details how fraudsters openly advertise and sell stolen payment information and fraud services on social media platforms and deep web forums like Telegram, significantly lowering the barrier to entry for anyone to participate in fraudulent activities.

Continue reading →

We're always being encouraged to be greener in our energy usage these days and many people have turned to solar power as a means of doing their bit and reducing their bills.

But the inverter used to convert energy from solar panels to usable household electricity is usually an IoT device and could therefore be vulnerable. New research from Forescout analyzed equipment from six of the top 10 vendors of solar power systems worldwide: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA. It has uncovered 46 new vulnerabilities across three of these inverter vendors, Sungrow, Growatt, and SMA.

Continue reading →

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

Continue reading →