Is it OK to publish PoC exploits for vulnerabilities and patches?
In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof …
Defeating typosquatters: Staying ahead of phishing and digital fraud
It has become a mantra for businesses targeted by hackers to describe the incident as a “sophisticated cyber-attack”. Although true in some instances, the reality is that most …
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
61% of cybersecurity teams are understaffed
The pandemic’s disruption has rippled across the globe, impacting workforces in nearly every sector. However, according to the findings from a survey report from ISACA and HCL …
Pandemic accelerating need for insider risk management
As companies exit the pandemic, security leaders will be challenged with new data security complexities. Remote work over the past year magnified challenges that companies …
Social media feed simulator Fakey teaches users to recognize credible content
As people around the world increasingly get their news from social media, online misinformation has emerged as an area of great concern. Social media feed simulator Fakey To …
New community to gives cybersecurity leaders outside the Fortune 2000 a forum to collaborate
Perhaps due to the nature of the position, the InfoSec leadership roles tend to be solitary ones. CISOs, or their equivalent decision-makers in organizations without the role, …
Apple fixes four zero-days under attack
A week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch …
Kubestriker: A security auditing tool for Kubernetes clusters
Kubestriker is an open-source, platform-agnostic tool for identifying security misconfigurations in Kubernetes clusters. It performs a variety of checks on a range of services …
Secure your cloud: Remove the human vulnerabilities
Training to increase employees’ security awareness and change risky behaviours among end users is important, particularly as the future workplace will be hybrid and many …
Use longitudinal learning to reduce risky user behavior
People ignore information that isn’t relevant to them, which is why IT and HR departments have been approaching security training incorrectly for years. Long-form, all-hands …
Users increasingly putting password security best practices into play
While there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals. While Americans are …
Featured news
Resources
Don't miss
- Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)
- GitPhish: Open-source GitHub device code flow security assessment tool
- Healthcare CISOs must secure more than what’s regulated
- Qantas data breach could affect 6 million customers
- Cybersecurity essentials for the future: From hype to what works