Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing Payment Pages: A Complete Guide to PCI DSS 4.0.1 Compliance for SAQ A-EP Merchants

PCI DSS for e-commerce is essential for SAQ A-EP merchants who manage complex payment environments, including custom payment pages, interactive checkout flows, and third-party payment integrations. These merchants—such as SaaS platforms, online retailers, travel booking sites, and digital service providers—must comply with stringent security requirements to protect sensitive payment data.

Understanding the Zero Trust Security Framework: Core Principles and Benefits for CISOs

The Zero Trust Security Framework is a fundamental approach to digital security. It assumes that every user and device is untrusted, requiring continuous authentication. This model helps to protect against the growing number of cyber threats. In this article, we discuss its principles, benefits, and real-world applications.

Understanding Identity Threat Detection and Response

One of the largest data breaches of 2024 didn’t require advanced tactics, techniques, and procedures (TTPs), or an escalating chain of successful attacks. It simply required purchasing credentials on the dark web and using them to log in and steal data, once again highlighting the vital need for robust, proactive protection against the growing surge of identity-based attacks.

Data Gathering in Cybersecurity: Techniques, Best Practices, and Key Questions

In cybersecurity, the ability to gather, analyze, and act on data determines how well an organization can anticipate threats, detect vulnerabilities, and respond to attacks. But not all intelligence is created equal. Knowing what data to collect, where to find it, and how to interpret it is what separates reactive security teams from proactive ones.

BDRSuite vs Proxmox Backup Server: Which Backup Solution is Right for You?

When it comes to protecting your Proxmox virtualized environments, selecting the right backup solution is crucial for ensuring data integrity, minimizing downtime, and optimizing recovery efforts. BDRSuite’s Proxmox Backup and Proxmox Backup Server (PBS) both offer reliable Proxmox backup solutions, but each has its unique features and advantages tailored to different needs.

CIO POV: Five Essential Themes Shaping the CIO's Tech Agenda

Technology is rapidly redefining how we live and work. As CIO at CyberArk, I often get asked about the themes and realities shaping today’s tech agenda. Some of them—I’m looking at you, AI—are shiny and hyped, while others are familiar and fundamental yet equally important. Here’s a look at five on the top of my list.

How's that for a malicious Linkc, new group launches DLS

2024 saw data-leak sites (DLSs) for 72 extortion groups materialise. As of February 2025, Cyjax has identified DLSs for five new groups, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, and Babuk2. The fifth one to emerge goes by the name Linkc. Read on to find out what Cyjax knows so far about this new entrant into the data leak extortion scene.

Bybit Hacked: A Call to Action for Exchanges to Embrace Off-Exchange Settlement

Another major crypto exchange has fallen victim to a hack—this time, Bybit. While the full impact is still unfolding, one thing remains undeniable: storing assets in exchange wallets exposes traders to unnecessary risks. In today’s market, this risk is increasingly unnecessary and manageable, particularly with solutions like off exchange settlement.

Phishing Attacks Increased by Nearly 200% in H2 2024

Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis. “The number of email-based attacks detected in the second half of 2024 increased 197% compared to the second half of 2023, while the number of attacks per organization within the same time frame increased by 21%,” the report says.

Phishing Kit Abuses Open Graph to Target Social Media Users

Researchers at Cyble warn that a phishing kit is abusing the Open Graph (OG) protocol to target social media users. The Open Graph protocol, originally developed by Facebook in 2010, allows users to control the content preview that’s displayed when a link is posted on social media. The phishing kit, dubbed “OG Spoof,” abuses this feature to post malicious links that appear legitimate.