Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Transparency in security practices is essential for building trust in today’s interconnected digital world. Organizations that openly share certifications, audit reports, and policies demonstrate a commitment to safeguarding data and adhering to standards. This openness fosters stronger partnerships and sets a benchmark for accountability.

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers at ESET. Additionally, a fifth of these organizations said they’ve experienced three or more cyberattacks. 43% of the organizations surveyed cited phishing attacks as their top concern.

Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass. These messages threaten fines for unpaid toll fees and aim to steal personal and financial information. Security experts warn that these scams are becoming more sophisticated, driven by new phishing tools developed and sold in China.

In the world of cloud-native applications, microservices and Kubernetes have become the backbone of modern software architecture. The scalability, flexibility, and orchestration capabilities provided by Kubernetes have revolutionized how applications are built and managed. However, like any powerful tool, Kubernetes introduces complexity, and with complexity comes risk — particularly in the form of security vulnerabilities.

In a recent webinar on SOAR’s evolving role in security and beyond, I chatted with Andrew Green, Networking & Security Research Analyst at GigaOm. We kicked things off with a brief discussion on Gartner’s Hype Cycle for ITSM report, which described the SOAR category as “obsolete” and prompted some commenters to declare that SOAR is “dead”.

We’re thrilled to announce the general availability of Spark, an AI Test Agent that lowers the entry barrier to white-box fuzz testing. In this blog, we explain how Spark works and share the main results from its beta testing that prove its effectiveness.

Have you ever considered the amount of digital data your organization creates daily? From emails and chats to web browsing and application usage, this data isn’t just an operational byproduct—it’s a baseline of insights that can empower your business to address challenges across security, compliance, and workforce management. An astounding 70% of the world’s data is user-generated.

Even before packets start flowing, enterprise networks are complex, data-intensive repositories of topology, configuration, and state information. This information is often required to solve operational issues—like finding sources of unwanted traffic drops or protocol configuration errors—or to find problems before they become issues. Yet, this valuable information typically goes untapped because getting at it requires too much work.

There was some good, bad, and neutral news when it comes to email threats in December 2024, according to new data compiled by Trustwave SpiderLabs’ MailMarshal email security team. Trustwave SpiderLabs’ PageML, which is used in MailMarshal’s Blended Threat Module (BTM), flagged 19 million malicious URLs for VirusTotal, of which 2.2 million detections were only picked up by Trustwave. The team reported that 25% of all incoming spam emails were in fact phishing attacks of some type.

Not only API authentication and authorization are the crucial aspects of API security when crafting secure software, but they also impact scalability and user experience.