Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When most people think about cybersecurity, they picture firewalls, anti-virus software, and complex passwords. But the weakest link isn’t a server or a laptop—it’s a person. Social engineering attacks exploit human behavior rather than technical vulnerabilities, and four techniques dominate the landscape today: phishing, smishing, vishing, and quishing.

Organizations gather massive volumes of threat feed data—IP addresses, hashes, domains, tactics—but these often remain siloed or poorly correlated, leaving high-value alerts buried in noise. When those raw indicators live in separate systems, you end up chasing every alert, missing the bigger picture of coordinated attacks. Your team feels stuck in reactive mode, firefighting low priority alerts while real attackers move freely.

Konstantin (Kostya) Ostrovsky is the Chief Architect at Torq, where he leverages over 18 years of experience in software engineering and architecture. He specializes in cybersecurity, with a background that began with writing Windows Kernel Drivers. Konstantin is also a frequent speaker at software engineering conferences globally. Phishing attacks have evolved significantly in recent years, rendering traditional, rule-based defenses ineffective against sophisticated threats.

By now, you likely know the basics of FedRAMP, especially if you’ve read our robust coverage of the program. But, like all good cybersecurity frameworks, it evolves and changes over time, and our knowledge needs to be updated. One recent development is the 20x pilot program, which entered phase one in March of 2025. What is this pilot program, what does it do, and who is it for? Read on to learn more about 20xP1 and what it means for you.

When CISOs and security teams evaluate a Web Application and API Protection (WAAP) platform, the conversation often starts and ends with technical capabilities. That focus is natural, but it does not reflect the full decision-making process in most enterprises. Security leaders may drive the evaluation, yet true adoption requires building consensus with finance and procurement teams who view the investment through a different lens.

Top tips is a weekly column where we highlight what’s trending in the tech world and share ways to stay ahead. This week, we’re uncovering the truth about app deletion, why removing an app from your phone doesn’t always mean your data is gone, and how to make sure your personal information doesn’t keep following you long after you’ve tapped uninstall. I recently found myself staring at my phone’s home screen. It felt cluttered.

Imagine you just got a new car with a feature that automatically adjusts the air conditioning based on live weather forecasts. To activate it, you need to connect the car to an external weather service. You could take it to the garage, pay someone to configure it, and wait for the job to be done. Or, you could use a built-in assistant that asks you two simple questions and shows you how to set everything up in minutes. That’s the idea behind Cato’s new API Assistant.

“How could they see anything but the shadows if they were never allowed to move their heads?” — Plato, The Republic, Book VII.

Few things are as alarming as discovering that one of your accounts has been hacked. Unfortunately, the reality is that recovering a hacked account is often very difficult – sometimes impossible. Here’s why getting your account back can be unlikely, what risks are involved, and how you can protect yourself from attacks.