There's been a fair bit of hype recently surrounding the potential for ChatGPT and similar tools to be used for creating phishing campaigns, eliminating the typos and other errors that are the giveaways of a scam.

However, new research from Hoxhunt suggests that AI might not be quite so good at going phishing after all.

A new study reveals that 61 percent of mid-sized businesses don't have dedicated cybersecurity experts in their organization.

The research from managed security platform Huntress also shows 24 percent of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack in the past year.

Technology continues to advance at an unprecedented rate. The development and use of Application Programming Interfaces (APIs) being a particularly notable example.

The latest Salt Labs State of API Security report found that overall API traffic increased 168 percent over 12 months, with API attack traffic increasing by 117 percent in the same time period. Perhaps understandably, many CISOs are struggling to keep up.

The latest Identity Exposure Report from SpyCloud shows that last year its researchers recaptured 721.5 million exposed credentials from the criminal underground, and found over 22 million unique devices infected by malware.

Of the exposed credentials recovered by SpyCloud, roughly 50 percent came from botnets, tools commonly used to deploy highly accurate information-stealing malware. These infostealers enable cybercriminals to work at scale, stealing valid credentials, cookies, auto-fill data, and other valuable information to use in targeted attacks or sell on the darknet.

A couple of recent entries on the Microsoft 365 roadmap shed light on what is in store for Outlook. Over the coming weeks, Microsoft has big plans for both the mobile and desktop versions of its email client.

Starting this month, Outlook security is being boosted thanks to the arrival of built-in multi-factor authentication (MFA). And next month, a larger number of Windows users will have access to a preview version of a completely new Outlook app.

With the release of Chrome 111, Google is waving goodbye to the Chrome Cleanup Tool that has been available for a number of years.

After 8 years of service, Google has decided the Chrome Cleanup Tool -- which, the company explains, helps users to "recover from unexpected settings changes, and to detect and remove unwanted software" -- is simply no longer needed.

Cybersecurity is usually viewed as something to be addressed via software. In recent years though we've seen a hardware element start to creep in -- Windows 11's requirement for TPM capability for example.

Can we expect to see more hardware-based security measures? And what benefits do these offer? We spoke to Ed Maste, senior director of technology at the FreeBSD Foundation (the non-profit organization supporting the open source FreeBSD operating system) to find out.

Starting next week, GitHub is going to require active developers on the site to enable at least one form of two-factor authentication (2FA). The security initiative will start with specially selected groups of developers and administrators on March 13.

Until the end of the year, GitHub will begin notifying those who have been selected of the 2FA requirement. As the year progresses, more and more users will be obliged to enable two-factor authentication.

The threat of business email compromise (BEC) is growing year on year and is projected to be twice as high as the threat of phishing in general.

According to a new report from cloud email security platform IRONSCALES, over 93 percent of organizations have experienced one or more of the BEC attack variants in the previous 12 months, with 62 percent facing three or more attack variants.

Secrets are not just login credentials and personal data; they securely hold together the components of the modern software supply chain, from code to the cloud. And because of the leverage they provide they are much sought-after by hackers.

However, many breaches that occurred in 2022 show how inadequate the protection of secrets is. Research from automated detection specialist GitGuardian finds that one in 10 code authors exposed a secret in 2022.

Much of our modern communication relies on satellites, but the data sent between them and ground stations is vulnerable to theft, leaving satellite communications even more accessible than typical internet communications.

Post-quantum cybersecurity company QuSecure has announced that it's achieved an end-to-end quantum-resilient cryptographic communications satellite link.

Password service 1Password is launching a new service that will allow enterprise customers to unlock their 1Password accounts using third-party identity services.

Unlock with Single Sign-On (SSO) automatically provisions and deprovisions employees, with streamlined deployment through the bridge connection for the 1Password SCIM (System for Cross-domain Identity Management).

The latest Annual Trends Report from Jamf, based on a sample of 500,000 devices protected by the company's technology, looks at the threats impacting devices used in the modern workplace and finds social engineering tops the list.

The combination of an increasingly distributed workforce with the relative ease with which bad actors can carry out phishing campaigns, leads to the leakage of user credentials. In 2022, 31 percent of organizations had at least one user fall victim to a phishing attack.

Things have been undeniably chaotic at Twitter since the arrival of Elon Musk, but the social network is still rolling out new features. Next in line for an update are direct messages.

DMs are due to receive a batch of new features and functionality, not least of which is a much-requested security feature -- encryption. But there is much more to look forward to. And if all goes according to plan, the new features will roll out later this month.

In 2023, regulators will throw down a 'reporting gauntlet', and mandate listed companies to disclose cyberattacks in record time. This legislative sea change will not only intensify the need for adequate protections against attacks, but will require companies to identify and report an incident to their shareholders and the Cybersecurity Infrastructure Security Agency (CISA) within 72 hours.

Regulators have taken note that businesses are fighting a losing battle against foreign and domestic cyber criminality, and by introducing more stringent cybersecurity regulation, their focus is to ensure companies treat cyberattacks as an increasingly systemic threat.