
How to reduce alert overload in defence SOCs

AI-powered triage, faster insights, and the headspace your analysts need

If you’re a security leader or analyst within the defence space, you likely brace yourself for a daily battle with alert overload — and you’re not alone. Analysts face a relentless flood of notifications, with the majority turning out to be false positives. Studies show that 71% of SOC personnel experience burnout and report feeling overwhelmed by alert volume.

How to Replace Outdated Phishing Protection with Real-Time Brand Impersonation Defense

Phishing protection refers to the tools, strategies, and technologies used to detect and prevent cybercriminals from impersonating your brand, stealing credentials, and defrauding your customers. As attackers move faster and impersonate more convincingly, brands need more than just domain scans or email authentication to stay protected. Many security and digital teams rely on email filters, takedown services, or brand education to manage phishing risks.

Over 1 Million Healthcare IoT Devices Exposed in Global Data Breach: Why Zero Trust and Automated Lifecycle Security Are Essential

A recent investigation by Modat has revealed a critical healthcare IoT security breach. More than one million healthcare IoT devices and connected medical systems worldwide are currently exposed online, leaking everything from MRI scans and X-rays to eye exams and blood test results. In many cases, these files are stored alongside patients’ names and other identifying details, creating a significant medical device data breach with far-reaching consequences.

CVE-2025-53786: U.S. CISA Issues Emergency Directive for Post-Authentication Vulnerability in Microsoft Exchange Hybrid Configurations

On August 6, 2025, Microsoft disclosed a high-severity post-authentication vulnerability affecting on-premises Microsoft Exchange servers configured for hybrid-joined environments, tracked as CVE-2025-53786. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 25-02, requiring federal agencies to patch the vulnerability by Monday, August 11.

Ransomware Evolution: The Changing Landscape of Cyber Extortion

Cybercriminals are shifting tactics. Rather than relying solely on ransomware’s tried-and-true method of using encryption to lock files and demand payment to decrypt, many are now instead embracing exfiltration and extortion, with encryption as a secondary tactic. This marks a significant evolution in ransom-based attack methods, one where encryption is optional, but leverage is mandatory.

Echoes in the Shell: Legacy Tooling Behind Ongoing SharePoint 'ToolShell' Exploitation

The Trustwave SpiderLabs CTI team began correlating telemetry from multiple enterprise environments in response to a rapidly developing threat landscape involving the widespread exploitation of Microsoft SharePoint on-premises infrastructure. In this blog, we share key findings from several observed intrusions across our monitored environments.

Simplify NYDFS 500.7 Compliance With KeeperPAM

Organizations regulated by the New York Department of Financial Services (NYDFS) must adhere to 23 NYCRR Part 500, a cybersecurity regulation designed to protect sensitive consumer data and financial systems. Among its core requirements, Section 500.7 specifically focuses on access privileges, requiring financial services companies to implement controls that limit access to nonpublic information based on the principle of least privilege.

Why Legacy Penetration Testing Is Dead Between the Audits: How Lean Security Teams Can Finally Get Ahead

For decades, penetration testing has been the gold seal of cybersecurity. Auditors love them. Insurance brokers demand them. Your board sees them and believes the “secure” box for your company has been sufficiently checked. And to be clear: manual pen tests have an important place. For compliance mandates, regulatory filings, or mission-critical systems, there’s no substitute for a skilled third-party team that probes your environment.

You Snooze You Lose: RPC-Racer Winning RPC Endpoints Against Services

The remote procedure call (RPC) protocol is one of the building blocks of Microsoft Windows and is widely used for inter-process communication between clients and servers. When RPC clients search for a server based only on a universally unique identifier (UUID) of an interface—without specifying an endpoint—they will go through the Endpoint Mapper (EPM). It will connect them to an endpoint that a server registered, exposing the interface the clients are looking for.