Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stop writing dumb AI security policies: use threat models, not fear

Every time someone asks me about building their AI policy, I die a little inside. Not because it’s a bad question, but because my answer is always the same: “Can we not build it off pure fear for once?” Most people don’t understand how AI architecture works, so their first instinct is to panic. And, we’ve seen this movie before: cloud, mobile, bring your own device (BYOD).

A Pressing Matter Part I - The Simplification of Ransomware Crime Development Through Cybercriminal Forums

Five centuries after the printing press was invented, the digital age began. With significant revolutions in knowledge dissemination, the era taking place now has seen vast amounts of information become instantly accessible. Whilst this is generally seen as a positive in most countries worldwide, malicious intentions persist across the digital world.

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute-force and spearphishing techniques. Threat actors initially attempted to brute-force multiple user accounts. After those efforts were unsuccessful, they pivoted to spearphishing by sending spoofed emails that appeared to originate from internal users. These emails used the subject line “Reminder-Your-to-do-list” and contained a malicious .HTM attachment.

Inside Qilin's New Legal Pressure Tactic: How 'Call a Lawyer' Increases Ransomware Success

In the cybercrime ecosystem, innovation often comes in disturbing forms. The ransomware group Qilin—already notorious for offering a full suite of extortion tools to affiliates—has introduced a new feature that elevates psychological warfare to a new level: a “Call a Lawyer” button. This isn’t satire. This is real social engineering, now backed with actual legal threats.

How Secure Is WhatsApp in 2025? [Appknox's Pentesters Reveal 5 Critical Vulnerabilities]

June 2025 has seen WhatsApp back in the headlines—this time for all the wrong reasons. Earlier this month, The National broke the story: WhatsApp’s security is under renewed scrutiny following revelations that Israel remains the only known actor to have successfully exploited it. But if history has taught us anything, it’s this: if one nation-state can do it, others may follow. At Appknox, we decided to verify the current state of WhatsApp’s mobile app security for ourselves.

Why Omdia recommends Extended Access Management to simplify compliance

Omdia, a global analyst and advisory leader, recently released a report called “How Extended Access Management (XAM) closes the gaps in security.” This report describes how existing approaches to access management have failed to address the security, budgetary, and compliance risks posed by unmanaged identities, applications, and devices.

ISO 27001 certification: Cost, process, timelines and implementation in 2025

Businesses looking for serious compliance street cred often turn first to ISO 27001. ISO 27001 is a globally recognized framework that outlines and defines information security management system (ISMS) requirements. Because being ISO 27001 certified demonstrates an organization meets best practices for information security, ISO certification can give businesses a significant competitive advantage. If you’re weighing ISO 27001 vs.

5 Ways Regulatory Changes Are Shaping Data Security Strategies

Today's regulations and info edicts aren't just red tape; they're rewriting the rules of how you protect data, especially as you swim through the web. From breach reporting to global privacy laws, keeping up with compliance updates can help you walk through a smarter, faster security game for your personal and professional interests. This is why, if you're handling and managing sensitive info, or just want to avoid fines and fallout, here's how the latest legal shifts are reshaping how you can secure what matters most.

SquareX Reveals that Employees are No Longer the Weakest Link, Browser AI Agents Are

PALO ALTO, Calif., June 30, 2025 - Every security practitioner knows that employees are the weakest link in an organization, but what if this is no longer the case? SquareX's research reveals that Browser AI Agents are more likely to fall prey to cyberattacks than employees, making them the new weakest link that enterprise security teams need to look out for.