
Proven third-party risk management strategies
As cyber threats continue to plague enterprises and the third-party partners and suppliers they work with, organizations that have prioritized the development of a robust …

Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …

How the rise in identity crimes and cyberattacks impacts small businesses
The Identity Theft Resource Center (ITRC) has published a report on the impacts of identity crimes and cyberattacks on small businesses. There are 42 million solopreneurs, …

Ransomware attacks increased 148% in Q3 2021, showing no sign of slowing
SonicWall recorded a 148% increase in global ransomware attacks through the third quarter (Q3) of 2021. With 470 million ransomware attacks logged by the company this year to …

While businesses are ramping up their risk mitigation efforts, they could be doing more
Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk …

Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues
Cloudentity announced a report conducted by PulseQA, revealing that in the last 12 months, at least 44% of respondents expressed substantial issues concerning privacy, data …

Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …

Active Directory control: How adversaries score even bigger goals via attack paths
Microsoft Active Directory and Azure Active Directory are directory services products used for identity and access management at most major enterprises all over the world. All …

What is wrong with developer security training?
“Turn a developer into a hacker” is a commonly heard call. There are many online courses and trainings that ostensibly teach developers how to write code that’s …

Advice from a young, female CISO: Key lessons learned
Ellen Benaim, the newest CISO at Copenhagen-based SaaS provider Templafy, started her career at the company in June 2018 as technical support, but from the moment she sat down …

Cybersecurity threat landscape growing in sophistication, complexity and impact
The 9th edition of the ENISA Threat Landscape (ETL) report released by the European Union Agency for Cybersecurity highlights the surge in cybercriminality motivated by …

40% of organizations suffered a cloud-based data breach in the past 12 months
Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even …
Featured news
Resources
Don't miss
- Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)
- FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare
- pqcscan: Open-source post-quantum cryptography scanner
- Bitdefender PHASR: Proactive hardening demo overview
- Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)