Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A cyberattack is a malicious and intentional attempt by an individual or organization to compromise the information system of another individual or organization. Attackers use different methods to gain unauthorized access to the victim’s system and steal sensitive data. One of the most innovative types of cyberattacks is known as a ‘Salami attack’. In this attack, criminals steal small amounts of data and funds from multiple accounts over time without being detected.

Cyberattacks are becoming more advanced and threatening with every passing day. Even if you have a reliable security system in place, the risk of cyberattacks remains. Of all the cyberattacks, Ransomware is perhaps the most dangerous because it causes both data and financial loss. It started as simple encryption malware, but over the years, it has turned into a full-scale business model known as Ransomware as a Service (RaaS).

Cross-domain attacks exemplify adversaries’ drive for speed and stealth. In these attacks, threat actors navigate multiple domains such as endpoint, cloud, and identity systems to maximize their reach and impact. Their goal is to exploit the weaknesses in organizations’ fast-growing and complex environments.

In times of geopolitical and economic instability, no organization would consider running without backups, additional support, clear end goals, and company-wide communication. Within business, the wisdom of strength in numbers and power in unity is widely understood. However, when it comes to its cybersecurity – a critical pillar that reputation, safety, and resilience rely upon – the opposite often happens.

One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their APIs across AWS, Azure, GCP, Kong, and Mulesoft. This “ease of use” provides a “wow” moment of immediate visibility.

Apache Tomcat continues to play a central role in hosting Java-based web applications across enterprises, cloud services, and government systems. Its reliability and lightweight architecture make it a go-to choice for developers, but its ubiquity also means that a single vulnerability can have widespread security implications. CVE-2025-55752, disclosed in late 2025, highlights how a subtle processing regression can evolve into a high-impact vulnerability under the right conditions.

Drawing on Obrela’s experience managing complex cyber incidents and supporting national-level assurance programmes, Sebastian Bocquier, Head of DFIR, will present a practical, mission-ready framework that shifts accreditation from a static, one-time checkpoint to a continuous assurance capability embedded throughout NATO’s cloud ecosystem.

Identifying and redacting personally identifiable information (PII) is a critical need for enterprises handling sensitive data. Over 1000 NLP models and tools claim to solve this problem, but an infinite number of options opens a paradox of choice. We compiled this comprehensive comparison that examines ten notable PII detection solutions – their features, use cases, pros/cons, and reported success rates.

Whisper Leak targets remote language models, @acitons/artifact targets GitHub Actions users, and Quantum Route Redirect simplifies phishing.

Today, we’re introducing our Risk Reduction Dashboard. This is a new way for security leaders to quantify their AppSec program’s impact, prioritize high-value fixes, and prove ROI with data-backed insights that go beyond raw vulnerability counts.