What has AI done for us? Celebrating AI Appreciation Day

In the last few years artificial intelligence has found its way into more and more areas of our world and its progress shows no signs of slowing down.

Of course most things these days need a day to mark their achievements and today is AI Appreciation Day. So, what has AI done for us and what can we expect from it in future? Some industry experts gave us their views.

Is business logic abuse a growing problem for APIs? [Q&A]

Tricking applications into altering their processes or surrendering information is a highly efficient way for attackers to carry out theft or fraud while minimizing the risk of detection.

We asked Mohammad Ismail, VP of EMEA at Cequence Security, to explain how this business logic abuse is carried out and why it’s becoming a growing problem.

Internet-exposed assets reveal industry vulnerability profiles

New analysis from CyCognito of over two million internet-exposed assets, across on-prem, cloud, APIs, and web apps, identifies exploitable assets across several key industries, using techniques that simulate real-world attacker behavior.

Techniques used include black-box pentesting using 90,000+ exploit modules, credential stuffing simulations, data exposure detection, etc. The study also used Dynamic Application Security Testing (DAST) to identify runtime web application vulnerabilities, as well as active vulnerability scanning of internet-facing services to detect CVEs, misconfigurations, and exposed assets.

Analysis of breached passwords shows almost all are weak

New research from Specops has analyzed 10 million random passwords from the billion+ breached password list used by Specops Password Auditor and finds that a startling 98.5 percent are weak.

The research defines a ‘strong’ password as one that is at least 15 characters long and uses at least two different character classes. A long password of 15 identical-class characters (for example all lowercase) is easier to crack than one that mixes in digits or symbols.

Google launches new AI security initiatives

Ahead of the summer’s round of cybersecurity conferences Google is announcing a range of new initiatives aimed at bolstering cyber defenses with the use of AI.

Last year the company launched Big Sleep, an AI agent developed by Google DeepMind and Google Project Zero that actively searches for and finds unknown security vulnerabilities in software.

Encryption adoption up but sensitive data is still at risk

Encryption adoption has soared to 94 percent, but inconsistent application continues to put sensitive data at risk, finds a new survey.

The study from secure storage maker Apricorn shows that 59 percent of IT security decision makers say encryption has increased, allowing them to better protect their data, including on lost/stolen devices.

Security teams struggle to prioritize and patch vulnerabilities

According to a new report 39 percent of security professionals say they struggle to prioritize risk remediation and patch deployment, with 35 percent saying they struggle to maintain compliance when it comes to patching vulnerabilities.

The study from Ivanti also finds 87 percent of security pros feel they do not have access to the critical data needed to make informed security decisions. In addition, 46 percent believe IT teams lack urgency when addressing cybersecurity problems.

Supply chain issues pose major risks to financial organizations

While banks and financial institutions generally have strong defenses, third-party vendors often lack the same levels of security, something that can give attackers indirect access to the institutions they serve.

A new report from Black Kite examines the shifting landscape of cyber threats in the financial sector, highlighting the critical importance of understanding and mitigating the hidden dangers within the vendor ecosystem.

Over half of employees fall for mobile phishing scams

A new report shows that security leaders have false confidence in their capabilities and employees when it comes to mobile security. While 96 percent are confident their employees can spot a phishing attempt, 58 percent have reported incidents where employees fell victim to executive impersonation scams via text message.

The study from Lookout, of more than 700 security leaders globally, underscores a critical need for organizations to rethink their cybersecurity strategies, particularly around the human-risk factors for social-engineering attacks.

European manufacturers face critical vulnerabilities

The manufacturing industry is the most targeted industry for cyberattacks, and this has now been the case for four consecutive years.

A new study from KnowBe4 shows that this, combined with the manufacturing sector’s expanding digital footprint, is putting operations, intellectual property, and economic resilience at risk from critical vulnerabilities.

Persistent security gaps found in hybrid identity systems

Organizations are continuing to struggle to identify and address security vulnerabilities in hybrid identity systems such as Active Directory, Entra ID, and Okta.

This is among the findings of a new report from AI-powered identity security and cyber resilience company Semperis, which is based on results from Purple Knight, a free Active Directory security assessment tool by Semperis that has been downloaded by 45,000+ organizations.

OT security becomes a board priority for enterprises

Operational technology (OT) can often be a cybersecurity weak spot for enterprises, relying as it does on older hardware and operating systems that are hard to update.

It’s no surprise then that a new report from Fortinet shows there has been a significant increase in the global trend towards corporations planning to integrate cybersecurity under the CISO or other executives.

Back to the office means back to basics on security

The shift to remote work was hastened by the Covid-19 pandemic, pushing companies to quickly adapt to employees working from home. Years later, remote and hybrid work remain common, offering a high degree of flexibility that many workers now take for granted.

Businesses have increasingly begun encouraging employees to return to the office, if only part-time. Leaders point to benefits like easier collaboration, improved team dynamics, and a clearer boundary between work and home life.

AI-generated deepfakes used to drive attacks

As generative AI tools have become more powerful, affordable and accessible, cybercriminals are increasingly adopting them to support attacks that range from business fraud to extortion and identity theft.

A new report from Trend Micro shows that deepfakes are no longer just hype but are being used in real-world exploitation, undermining digital trust, exposing companies to new risks, and boosting the business models of cybercriminals.

Open-source malware targets data exfiltration

Supply chain security company Sonatype has released the Q2 2025 edition of its Open Source Malware Index, uncovering 16,279 malicious open source packages across major ecosystems.

This brings the total number of open-source malware packages Sonatype has discovered to 845,204. Compared to the end of the same quarter last year, the total volume of malware logged by Sonatype has surged 188 percent, underscoring the growing sophistication and scale of attacks aimed at developers, software teams, and CI/CD pipelines.
