Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Cyber Resilience Act (CRA) introduces a much-needed framework for standardizing the cybersecurity practices of companies operating in the European Union (EU). The regulation sets clear expectations for hardware and software manufacturers, developers, and distributors, outlining how they should manage and address vulnerabilities at every stage of the product lifecycle.

The energy sector plays a crucial role in national security by ensuring the delivery of essential infrastructure services and supporting transportation systems. Acknowledging the need to safeguard this vital industry, Trustwave SpiderLabs has published the highly detailed 2025 Trustwave Risk Radar Report: Energy and Utilities Sector. The primary report is joined by two specialized supporting pieces of research focusing on these critical areas of concern.

The energy sector is a cornerstone of national security, ensuring the delivery of critical infrastructure services and supporting transportation systems. Recognizing the importance of protecting this vital industry, Trustwave SpiderLabs has released the comprehensive 2025 Trustwave Risk Radar Report: Energy and Utilities Sector.

The Greek philosopher Aristotle once remarked, “Excellence is never an accident. It is always the result of high intention, sincere effort, and intelligent execution.” When you’re winning, the thrill is undeniable. Success, whether in the casino or on the basketball court, requires focus and discipline. It’s a feeling like no other when everything finally clicks.

If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.

Cloud Access Security Brokers (CASBs) are essential tools for many enterprises, acting as intermediaries between users and cloud services to provide visibility, enforce security policies, and ensure compliance. While CASBs excel at managing traditional SaaS (Software-as-a-Service) applications, they fall short when it comes to detecting and managing the use of AI tools within an organization.

When organizations adopt remote work, they face increased cybersecurity risks. Privileged Access Management (PAM) helps mitigate these risks by reducing the attack surface, minimizing insider threats, and providing enhanced visibility and monitoring capabilities. Continue reading to learn the cybersecurity risks unique to remote work environments and how PAM helps address them.

Service accounts are nonhuman privileged accounts used by systems or applications to perform certain tasks, access resources or run processes. These accounts are typically given only the permissions they need for a specific job. According to ReliaQuest, 85% of data breaches between January 2024 and July 2024 that organizations responded to involved compromised service accounts. To prevent the misuse of credentials, organizations should secure their service accounts.

The landscape of artificial intelligence (AI) governance is undergoing significant changes, particularly as it relates to the rise of AI Agents—autonomous systems that can independently make decisions and execute tasks. Recently, a key executive order on AI safety was rescinded, which previously required developers to share safety test results with federal agencies and mandated comprehensive assessments of AI-related risks.

The Network and Information Security Directive (NIS2 Directive) is an important piece of European Union legislation aimed at bolstering cyber security across the member states. NIS2 officially came into force on 17th October, and while some EU member countries have met this deadline, many are still working to fully transpose the legislation.