Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Your company invested millions in firewalls and security software, but your greatest vulnerability sits at a desk within your own walls and collects paychecks. Employee-caused security breaches—whether through negligence, lack of training, or malicious intent—account for 68% of data breaches each year. Even a single weak password or misclicked link can open the floodgates to data loss, financial damage, and reputational fallout.

Following on from our recent blog post, Fake CAPTCHAs, Real Threats: How Lumma Stealer Tricks Users into Self-Inflicted Malware, SenseOn has performed an in-depth analysis into recent Lumma Stealer campaigns targeting a range of our customers.

CURRENCY noun (cur· ren· cy): a common article for bartering.

How much innovation could you reinvest in with 80% developer productivity recapture? My guess is: a lot. As a VP of Product at a security company, I’ve seen firsthand how making it easier for developers to manage security findings can help them focus on delivering value faster. Let me share with you about the developer security experience that can transform development workflows for increased productivity.

Let’s face it – cybersecurity in 2025 is a mess. Bad guys keep slipping past our defenses like they’ve got the keys to the front door, and security teams are working overtime just to keep up. In this crazy environment, deception technology has become something of a secret weapon, especially when it’s built into XDR platforms.

Content originally published in Cybersecurity Insiders.

The best way to gauge the current state of an organization’s security posture is often with a blunt lesson, and a Red Team exercise might be the bluntest way to rip off the band-aid to see what security problems exist. That concept is the genesis behind the Trustwave SpiderLabs report Healthcare Sector Deep Dive: Unmasking Security Gaps.

The latest data leaks site (DLS) CYJAX has identified is titled RALord, which constitutes one of 14 new DLSs identified in March 2025 alone. This Ransomware-as-a-Service (RaaS) group appears to be sophisticated and professional, providing services including affiliates, data ransoms, and dark web advertisements. It has been reported that the group is active on at least one cybercriminal forum under the username ‘ForLord’.

Organizations handling payment data face a critical deadline: achieving PCI DSS 4.0 certification by March 31, 2025. The solution is simple: use automated security tools like Feroot PaymentGuard. This helps meet regulations, reduce risks, and protect payment environments.