Articles about cybersecurity

Vishing (voice phishing) attacks have surged by over 1,600 percent so far this year, partly driven by a rise in AI-driven deepfake voice scams.

This is yet another way cybercriminals are seeking to impersonate those with access to company systems to disrupt organizations and hold data for ransom. We spoke to Anthony Cusimano, solutions director at Object First, to discover more about this trend and how businesses are at risk.

Continue reading →

Average security budget growth has slowed to just four percent year-on-year, the lowest rate in five years and a sharp decline from eight percent in 2024.

The slowdown comes in the face of continued global market volatility, driven by geopolitical tensions, uncertain tariff policies, and fluctuating inflation and interest rates, says a new report from IANS Research and Artico Search.

Continue reading →

The latest Threat Detection Report update from Red Canary shows a rise of almost 500 percent in detections associated with cloud accounts during the first half of 2025.

This significant rise stems primarily from Red Canary’s expanded identity detection coverage and the implementation of AI agents designed to identify unusual login patterns and suspicious user behaviors. This includes identifying logins from unusual devices, IP addresses, and virtual private networks (VPNs), which significantly increases the detection of risky behaviors.

Continue reading →

A disconnect between cybersecurity confidence and data reality is leaving organizations exposed, according to a new report released today by Axonius.

The study, based on a survey of 500 US director-level and above cybersecurity and IT leaders, reveals that while 90 percent of cybersecurity leaders say their organization is prepared to take immediate action on a vulnerability, only 25 percent trust all the data in their own security tools.

Continue reading →

New analysis from Forescout of more than 23,000 vulnerabilities and 885 threat actors across 159 countries worldwide during the first half of 2025 finds 47 percent of newly exploited vulnerabilities were originally published before 2025, and zero-day exploitation has increased 46 percent.

The report also shows ransomware attacks are averaging 20 incidents per day, zero-day exploits increased 46 percent, and attackers are increasingly targeting non-traditional equipment, such as edge devices, IP cameras and BSD servers. These footholds are often used for lateral movement across IT, OT, and IoT environments, allowing threat actors to get deeper into networks and compromise critical systems.

Continue reading →

Adversaries are weaponizing GenAI to scale operations and accelerate cyberattacks -- as well as increasingly targeting the autonomous AI agents reshaping enterprise operations. This is among the findings of CrowdStrike’s 2025 Threat Hunting Report.

The report reveals how threat actors are targeting tools used to build AI agents -- gaining access, stealing credentials, and deploying malware -- a clear sign that autonomous systems and machine identities have become a key part of the enterprise attack surface.

Continue reading →

As we reported earlier this week, the UK’s new Online Safety Act has seen a surge in interest in the use of VPNs and an online petition for its repeal has been signed by over 400,000 people.

An article published yesterday by The Critic argues that the legislation is badly drafted. Industry figures too are raising doubts about the effectiveness of the act, its likely wider impact on cybersecurity and its potential for overreach.

Continue reading →

According to new research from Radware 83 percent of credential stuffing campaigns include explicit API-targeting techniques.

The report shows a shift in credential stuffing attacks, underscoring a fundamental transformation from volume-based attacks leveraging a series of repeated password attempts to more sophisticated, multi-stage infiltration techniques.

Continue reading →

As organizations embrace digital transformation and AI, security teams face mounting pressure to defend an ever-expanding attack surface according to a new report.

The research from Cobalt suggests traditional reactive security measures cannot keep pace with modern threats, particularly when adversaries leverage automation and AI to scale their attacks. 60 percent of respondents believe attackers are evolving too quickly for them to maintain a truly resilient security posture.

Continue reading →

A new report from Semperis, based on a study of almost 1,500 organizations globally, shows that hackers are stepping up threat levels and ransomware is still a global epidemic.

In 40 percent of attacks threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand. US-based companies experienced physical threats 46 percent of the time, while 44 percent of German firms experienced similar forms of intimidation.

Continue reading →

A new report looks at the state of post-quantum cryptography (PQC) from the perspective of
cybersecurity professionals, finding that 48 percent of organizations aren’t prepared to confront the urgent challenges posed by quantum computing.

The report from Keyfactor, based on a survey of 450 cybersecurity leaders across North America and Europe carried out by Wakefield Research, finds mid-sized organizations are particularly vulnerable, with 56 percent saying they are not ready.

Continue reading →

Security operations teams often struggle with complex tools, legacy pattern-matching DLP, manual policy tuning, and alert fatigue. This can slow investigations, increase overhead, and reduce security effectiveness.

While traditional DLP solutions aim to tackle these challenges, they require constant human intervention, generate high false positive rates, and often miss sophisticated threats that bypass simple pattern recognition. That’s why Nightfall is launching an autonomous Data Loss Prevention platform.

Continue reading →

Cloud threats are evolving faster than most security teams can respond, and traditional security tools are struggling to keep pace. According to IBM’s 2024 Cost of a Data Breach Report it now takes an average of 258 days to detect and contain a breach -- giving attackers more than enough time to access sensitive data and move laterally through cloud infrastructure undetected.

We spoke to CEO of Upwind, Amiram Schacha, to learn why organizations need real-time visibility and protection at the runtime layer -- where threats actually occur -- in order to close this growing security gap.

Continue reading →

Despite the expanding use of browser extensions, the majority of enterprises and individuals still rely on labels such as ‘Verified’ and ‘Chrome Featured’ provided by extension stores as a security indicator.

However, new research from SquareX points up architectural flaws in how browser security tools work which mean they’re unable to detect or prevent the latest advancements in malicious browser extension attacks.

Continue reading →

A new study reveals that that 90 percent of leaders find managing cyber risks harder today than they did five years ago, resulting in higher reports of burnout (47 percent), including more than one in ten who say they’re on the verge of quitting.

The report from Bitsight shows the leading causes of poor cyber risk management, and therefore burnout, include an explosion of AI (39 percent), and rapidly expanding attack surfaces (38 percent).

Continue reading →