Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Breaking News

A Rose by Any Other Name: Exposure Management, a Category that Evolved from Vulnerability Management

As organizations increase their reliance on cloud services, remote work tools, IoT devices and smart infrastructures, and the use of third-party vendors, their exposure to cyber threats increases. Traditional approaches to vulnerability management are unable to keep up with rapidly changing business needs and an expanding attack surface. While scanning and patching known vulnerabilities remains critical, today’s complex threat landscape demands a more comprehensive strategy.

Cybersecurity Leadership in Action: Fireblocks Reaches High NIST CSF Maturity Score

As someone who has spent decades working at the intersection of cybersecurity, innovation, and operational resilience, I’ve seen firsthand how critical it is to build trust in a rapidly evolving digital landscape. At Fireblocks, that trust is not just a goal—it’s a standard we continuously push ourselves to meet and exceed.

Don't Fall Victim: DeepSeek-Themed Scams Are on the Rise

Scammers are taking advantage of the newfound popularity of the China-based AI app DeepSeek, according to researchers at ESET. DeepSeek released its generative AI tool last month, and it’s since overtaken ChatGPT as the top free app in Apple’s App Store. Users are now spotting lookalike domains designed to deliver malware or steal information. Other scams offer users the opportunity to buy phony stocks in DeepSeek.

From Madison Avenue to Malware

In the bustling world of 1960s Madison Avenue, a young advertising executive named Lester Wunderman was about to revolutionize the industry. Wunderman, often called the father of direct marketing, had a simple yet profound insight: personalization was the key to capturing attention and driving action. Wunderman's breakthrough came when he created the Columbia Record Club, a mail-order service that tailored its offerings based on each member's past purchases and preferences. The results were staggering.

Torq Signed the CISA Secure by Design Pledge

At Torq, our commitment to security has always been at the forefront of our mission to empower businesses through our SaaS platform. Today, we’re proud to announce a significant step forward in our security journey: Torq has signed the CISA Secure by Design Pledge. This pledge underscores our dedication to ensuring that our customers can trust our platform to uphold the highest security standards, enabling customers to focus on their goals without concerns about their security posture.

The Only DORA Compliance Checklist You Need

The bad news – if you’re wondering about the DORA compliance date, it already passed on January 17th 2025. The good news? If you’ve been too busy to even think about the EU’s Digital Operational Resilience Act, it’s not too late to score some quick compliance wins. This DORA compliance checklist is your blueprint for establishing not just compliance, but checks and balances for maintaining it.

LLMjacking targets DeepSeek

Since the Sysdig Threat Research Team (TRT) discovered LLMjacking in May 2024, we have continued to observe new insights into and applications for these attacks. Large language models (LLMs) are rapidly evolving and we are all still learning how best to use them, but in the same vein, attackers continue to evolve and grow their use cases for misuse.

What Is Application-Aware Backup?

When it comes to backups, you have a wide range of options to consider for successful and fast data recovery. The options include type of backup, frequency, source, destination, and many others. Nowadays, it’s no longer enough for backup solutions to simply capture files on a disk given that most organizations use servers to run applications. “Inconsistent” file backups are not adequate for optimal recovery time objectives and recovery point objectives.

Yahoo Finance: U.S. Lawmakers Push to Ban China's DeepSeek AI Over Security Risks - Feroot Security Analysis

Washington, D.C. – U.S. lawmakers announced a bill to ban DeepSeek, the Chinese AI chatbot app, from government devices following a security analysis by Feroot Security that revealed alarming privacy and national security risks. The research suggests that DeepSeek collects user data, including digital fingerprints, login credentials, and behavioral information, potentially sending it to servers tied to the Chinese government.

PCI DSS 4.0.1 Compliance for Payment Providers (SAQ D) - How to Ensure Compliance Across Thousands of Payment Pages

Compliance for Payment Providers SAQ D presents unique challenges due to their distributed business model. With payment pages, iframes, and forms embedded across thousands of merchant websites, ensuring consistent security and maintaining PCI DSS 4.0.1 compliance requires sophisticated solutions and strategies.