Picture this: You’re at the supermarket, looking for your favorite brand of cereal. But the shelves are empty, staff are frazzled, and the checkout terminals are flickering ominously. That’s not just a supply chain hiccup, it’s a direct result of the latest wave of cyberattacks targeting the UK’s biggest grocery chains.In 2025, major retailers like Co-op, Marks & Spencer, and Harrods found...

Escalating tensions in the Kashmiri conflict between India and Pakistan illustrate a point the Indian government has been driving home for years; it is time to double-down on securing India's critical financial services.As the cornerstone of the nation's stability, the Banking, Financial Services, and Insurance (BFSI) sector was the focus of India's first Digital Threat Report 2024, and offers a ...

As a cybersecurity expert, you are aware that performing static scans is only one part of a good defense-in-depth strategy. Similarly, periodic vulnerability assessments, while valuable, are only a single piece of cyber defense fortification. Continuous Threat Exposure Management (CTEM) establishes a logical setting to control organizational threats proactively. CTEM enables an augmented...

Web Application Firewalls (WAFs) have long served as the front line of defense for web applications, filtering out malicious traffic and enforcing security policies. But as threats grow more sophisticated and application environments become more dynamic, many are questioning whether traditional WAFs are still up to the task. In 2025, with the rise of cloud-native applications, APIs, and machine...

We are in the middle of an AI gold rush. Generative AI (Gen AI) has exploded from research labs into everyday business workflows at breakneck speed. Marketing, software development, customer support, HR, companies across industries deploy Gen AI tools to boost efficiency, automate tasks, and gain an edge.But security trails behind.In the rush to innovate, organizations chase speed and visibility,...

India's Digital Personal Data Protection (DPDP) Act, 2023 is a turning point in how personal data is regulated, managed, and protected across the country. As every industry becomes more digital, this law makes it clear who owns data and who must protect it.The Act introduces a legal imperative and an operational opportunity for SOC managers, CISOs, DPOs, and IT security teams to revisit how data...

Protecting your organization from cyber threats and meeting compliance requirements is simpler than ever with the new Tripwire Enterprise 9.3 release, which includes the following enhancements: IPv6 Support IPv6-Only Support: Now fully compatible with environments that operate exclusively on IPv6. This is helpful to: U.S. Federal agencies that must adhere to OMB Memorandum M-21-07 Organizations...

Mexico is in the middle of a digital revolution.Nearshoring, cloud adoption, e-commerce expansion, and AI-driven automation have helped transform everything from manufacturing plants in Monterrey to financial institutions in Mexico City. In just the last five years, Mexico has seen explosive growth in digital platforms and smart infrastructure, fueling economic momentum and global competitiveness...

As digital transformation sweeps across the healthcare sector, there has never been more at stake. Healthcare data is worth a lot on the black market. Unlike financial data, which has a short shelf life (accounts can be frozen, and fraud alerts issued), medical records stay fresh for a long time.They contain a host of personal information, like medical histories, insurance data, and payment...

How would you like to earn yourself millions of dollars?Well, it may just be possible - if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware.The US Department of State is offering up to US$10 million for information about the government-backed hackers believed to be behind RedLine malware attacks, which...

Adopting Continuous Deployment, an extreme form of software delivery automation, can drastically speed up software delivery, but it also introduces critical security challenges. Some of the most severe, global-scale security breaches of recent years (Solarwinds and Kaseya are just two examples) were related to breaches in software delivery infrastructure.Continuous deployment has the potential to...

If they weren't so harmful to both businesses and consumers, the sophistication of modern phishing would be quite impressive. Today's most invasive cybercriminals have moved beyond the old strategies of generic mass-email scams. They're now leveraging advanced technologies like Artificial Intelligence (AI,) deepfake media, and real-time behavioral analytics to craft highly personalized and nearly...

What is the Interlock ransomware?Interlock is a relatively new strain of ransomware, that first emerged in late 2024. Unlike many other ransomware families it not only targets Windows PCs, but also systems running FreeBSD.If you are impacted, you will find that your files have not only been encrypted but have also had ".interlock" appended to their filenames. For example, a file named report.xlsx...

While NIST frameworks are typically not mandatory for most organizations, they are still being called on to do some heavy lifting to bolster the nation’s cybersecurity defenses.Under the January 2025 Executive Order (EO) on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, the National Institute of Standards and Technology (NIST) was charged, along with several other agencies,...

In January of this year, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR).The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration testing of their electronic information...

Cybercriminals are getting smarter. Not by developing new types of malware or exploiting zero-day vulnerabilities, but by simply pretending to be helpful IT support desk workers.Attackers affiliated with the 3AM ransomware group have combined a variety of different techniques to trick targeted employees into helping them break into networks.It works like this.First, a company employee finds their...

Health-ISAC recently released their 2025 Health Sector Cyber Threat Landscape Report, a comprehensive outline of the malicious activity aimed at healthcare in the previous year. Not surprisingly, ransomware was cited by security professionals in the industry as the number one threat of 2024 and the top area of concern coming into 2025 (followed by third-party breaches, supply chain attacks, and...

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern.According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.Moreover, phishing-delivered infostealers...

Recent research by Comparitech reveals the shocking truth about ransomware attacks on government entities; they have a longer impact than anyone thought. Tracking over 1100 government-targeted ransomware attacks over a period of six years, researchers discovered that each day of downtime cost entities nearly $83,600, and that in each attack the downtime lasted for an average of 27.8 days.Compared...

The proliferation of Internet of Things (IoT) devices - more specifically, security cameras - has forced organizations to rethink how they protect their physical hardware.Security cameras represent some of the most common IoT devices installed in business and commercial environments. Recent estimates suggest the smart camera market is expected to grow at an astronomical rate, reaching a potential...