Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why inaccessible cybersecurity is a security risk: our path to accessibility

In cybersecurity, an inaccessible tool isn’t just a nuisance: it’s a vulnerability. With the European Accessibility Act tightening regulations across Sweden and the EU, “good enough” design is now a legal and security risk. At Detectify, we’re rebuilding our front-end from the ground up to eliminate any “usability tax” that could lead to missed alerts.

Report: Scammers Stole $17 Billion Worth of Crypto Last Year

Scammers stole an estimated $17 billion worth of cryptocurrency in 2025, according to a new report from Chainalysis. Notably, the report found that AI-assisted scams stole 4.5 times more money than scams that didn’t leverage AI. “Our analysis reveals that, on average, scams with on-chain links to AI vendors extract $3.2 million per operation compared to $719,000 for those without an on-chain link — 4.5 times more revenue per scam,” the researchers write.

RTO vs. RPO: Definitions, Key Differences and Strategies

When it comes to disaster recovery and backup plans, understanding RPO and RTO is crucial, as these two metrics help signal the level of your overall data security. In short, Recovery Time Objective (RTO) and Recovery Point Objective (RPO) play a critical role in determining how quickly and effectively an organization can bounce back from an IT disaster, safeguarding business continuity and minimizing potential data and financial losses.

Healthcare Ransomware Recovery: A HIPAA-Compliant Response Framework

Healthcare remains the most targeted sector for ransomware attacks, with 238 ransomware incidents reported to the FBI in 2024 alone. The Change Healthcare attack demonstrated the cascading impact a single breach can have across the entire healthcare ecosystem, affecting payment processing for providers nationwide and ultimately compromising data on an estimated 190 million individuals.

Emerging Risks: Typosquatting in the MCP Ecosystem

Model Context Protocol (MCP) servers facilitate the integration of third-party services with AI applications, but these benefits come with significant risks. If a trusted MCP server is hijacked or spoofed by an attacker, it becomes a dangerous vector for prompt injection and other malicious activities. One way attackers infiltrate software supply chains is through brand impersonation, also known as typosquatting—creating malicious resources that closely resemble trusted ones.

PCI DSS Penetration Testing Requirements Explained

PCI DSS 4.0.1 is a security standard for credit cards and debit cards, made up of 12 requirements distributed over six goals. Missing documentation, poor protocols, or insufficient penetration testing may be among the reasons why PCI DSS audits fail.

Facebook tech support scams on the rise: How cybercriminals are turning your feed into a trap

From fake ads to tech support fraud, see how scammers exploit Facebook and how to protect your data and money. Facebook may feel like a safe place to connect, but scammers are increasingly using its ads, posts, and messages to deceive users. Here’s how cybercriminals are turning your feed into a gateway for fraud and what you can do to stay protected. When you open Facebook, you might expect birthday alerts, travel snapshots, or quick messages with friends.

When Your AI Agent Goes Rogue: The Hidden Risk of Excessive Agency

In Oct 2025, malicious code in an AI agent server stole thousands of emails with just one line of code. The package, called postmark-mcp, looked completely legitimate. It worked perfectly for 15 versions. Then, in version 1.0.16, the developer slipped in a tiny change: every outgoing email now included a hidden BCC to an attacker-controlled address. By the time anyone noticed, roughly 300 organizations had been compromised. Password resets, invoices, customer data, internal correspondence.

How the future of privilege is reshaping compliance

If privilege has changed, compliance can’t stay static. As organizations accelerate digital transformation, the compliance landscape is shifting beneath their feet—especially when it comes to how privileged access is controlled and proven. Regulatory requirements are multiplying, audit cycles are tightening, and the definition of privileged access has quietly expanded beyond people to workloads, automation, and AI-driven systems.

CyberArk named overall leader in 2025 KuppingerCole ITDR Leadership Compass

KuppingerCole has recognized CyberArk identity threat detection and response (ITDR) as a leader across all categories: overall, product, innovation, and market in its 2025 KuppingerCole Leadership Compass for Identity Threat Detection & Response.