Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Romance fraud is one of the most sophisticated cybercrimes affecting people online. Every year, thousands of people are exploited through their desire for human connection.

Many teams believe that cross-site scripting, or XSS, is a problem of the past. Modern frameworks promise built-in protections, and developers often assume the browser will handle the rest. The reasoning sounds logical: if React auto-encodes output, XSS can’t happen. However, XSS prevention doesn’t work on assumptions; it works on visibility. We’ve learned that XSS prevention is about maintaining continuous control over the browser environment where your application runs.

Relying on disjointed, manual security processes creates bottlenecks that delay software releases and increase business risk. As development accelerates, security teams struggle to keep pace, leading to a rise in security debt and a greater likelihood of breaches. Investing in the right AppSec tools is no longer a technical decision; it is a strategic business imperative.

Building resilient infrastructure is a must for modern organizations operating across hybrid environments. As applications move between on-premises and the cloud, ensuring data protection and continuity becomes a key priority. Red Hat OpenShift offers a consistent platform for running containerized and virtualized workloads across hybrid environments.

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.

Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. KnowBe4 and the HRM industry have been warning about voice-based social engineering and phishing for decades. Some of the biggest and most notable hacks have long been based on it. Stories have often been told of brazen calls that resulted in big hacks.

Across the financial sector, compliance teams face rising expectations from regulators and customers alike. Agencies such as the SEC, OCC, FDIC, CFPB, and the European Banking Authority now demand proof of continuous compliance—not point-in-time reports. Yet most financial institutions still depend on spreadsheets, manual command-line checks, and tribal knowledge to validate security controls.

Cloudforce One’s mission is to help defend the Internet. In Q2’25 alone, Cloudflare stopped an average of 190 billion cyber threats every single day. But real-world customer experiences showed us that stopping attacks at the edge isn’t always enough. We saw ransomware disrupt financial operations, data breaches cripple real estate firms, and misconfigurations cause major data losses. In each case, the real damage occurred inside networks.

At Bitsight, one of the responsibilities of the Vulnerability Research team is to develop fingerprinting methods to not only identify exposed services, but also vulnerabilities in those services. When it comes to detecting vulnerabilities, there are increased challenges depending on the complexity of both the vulnerability and the vulnerable service.

The obituary for SIEM has been written more than once. The latest headline from Dark Reading calls it “dying a slow death.” Catchy. But wrong. If you work in a SOC, you already know the need for centralized, contextualized visibility is not going anywhere. What is changing the future of SIEM, is how SIEM delivers it. If you are still thinking of SIEM as a clunky, high-cost log hoarder, you are stuck in the wrong decade.