Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recent research indicates that only 25% of organizations have incident response plans. Without such plans, companies are extremely susceptible to potential cyberattacks, and the stark business reality is that they take much longer to recover. Unfortunately, there are daily examples of major data breaches where a particular company’s incident response could have been managed more effectively.

Emerging between late 2022 and the beginning of 2023, Cloak Ransomware is a new ransomware group. Despite its activities, the origins and organizational structure of the group remain unknown. According to data from the group’s DLS (data leak site), Cloak has accessed 23 databases of small-medium businesses, selling 21 of them so far. Out of these, 21 victims paid the ransom and had their data deleted, 1 declined and 1 is still in negotiations, indicating a high payment rate of 91-96%.

Qilin operates as an affiliate program for Ransomware-as-a-Service, employing a Rust-based ransomware to target victims. Qilin ransomware attacks are often tailored for each victim to maximize their impact, utilizing tactics like altering filename extensions of encrypted files and terminating specific processes and services.

Prompted by a new era of cyber-attacks surging downtime and data breaches, the Digital Operational Resilience Act (DORA) regulation came into force on 17th of January to reshape how organisations approach security, privacy and cybersecurity. Cybercriminals are becoming increasingly daring and creative, with an expected rise in the exploitation of new vulnerabilities in 2025.

In 2024, ransomware continues to be the most prevalent form of cyber-attack, affecting three out of four organisations, according to Veeam. The increasing frequency and sophistication of these attacks are driven by easy access to ransomware kits on the dark web and the significant profits cybercriminals generate through extortion schemes.

If you’re not familiar with Entra, you might still think of it as “the artist formerly known as Azure Active Directory.” While its roots lie in being a cloud-based Active Directory (AD), Entra has evolved far beyond that. The name change reflects its expanded capabilities, making it much more than just AD. Many of our customers leverage Microsoft 365 or other Azure services that rely on the Entra platform.

Zero Trust Network Access (ZTNA) has rapidly become a foundational security strategy for organizations modernizing their IT infrastructure. The increasing distribution of users, devices, and applications makes traditional security measures inadequate. Several solutions offer cloud-based brokers to implement ZTNA, but it’s crucial to understand that these solutions are not created equal. Let’s explore why Cato Networks’ cloud-based ZTNA solution distinctly stands apart.

In financial services, trust is everything. Clients trust you with their data, their money, and their future. But that trust can vanish overnight—especially when a cybersecurity incident exposes weak governance or regulatory non-compliance. In today’s threat landscape, financial institutions are more than just attractive targets for cybercriminals—they’re often the most regulated, most scrutinized, and most unforgiving places for a security slip.

Cyberattacks on supply chains in 2025 have become more frequent and severe, moving from isolated incidents to major multi-sector crises. These crises involve data theft in software patches, ransomware disrupting food, pharmaceutical, and financial pipelines. As attackers target vendors as entry points, defensive measures must adapt. This includes enhanced vendor vetting, code provenance controls, firmware security, and robust third-party risk response.

Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.