Given the reality of today’s cybersecurity, it is of utmost importance to have frameworks and regulations. These help both the customers and the organizations to stay protected against the cyber threats that are around us. On 17th January 2025, the Digital Operational Resilience Act (DORA), formally known as Regulation (EU) 2022/2554, came into full effect.

Researchers at AhnLab Security Intelligence Center (ASEC) recently published a report on the Andariel threat group, a DPRK state-sponsored APT active for over a decade, that has been leveraging RID hijacking and user account concealment techniques in its operations to stealthily maintain privileged access to compromised Windows systems.

The rise of AI in enterprises has expanded the attack surface. Learn how GitGuardian can help you secure non-human identities and prevent unauthorized access.

North Korean hackers target job seekers with Ferret malware, macOS users face a growing threat from infostealers, and actors leverage MS Power BI links for phishing.

Check Point warns that a large-scale phishing campaign is targeting Facebook accounts with phony copyright infringement notices. The phishing emails have targeted more than 12,000 email addresses at hundreds of companies. Nearly all of the emails targeted individuals in the US, the EU, and Australia, though the researchers also observed some phishing templates written in Chinese and Arabic.

A small entrepreneur-led digital marketing agency was having a regular morning with client calls, design presentations, and ad discussions. Suddenly, every team member was locked out of their accounts and couldn’t access their e-mails, cloud folders, or even the company bank account – their data had been taken hostage digitally. This isn’t just a cautionary tale.

Cato announced today that it’s become the first SASE platform vendor to achieve PCI DSS v4.0 compliance. More specifically, compliance with PCI DSS v4.0.1. While particularly significant for retailers handling payment data, PCI DSS v4.0 compliance will also benefit non-retailers strengthening their security posture, reducing risk exposure, and demonstrating compliance with industry best practice.

Following the emergence of data-leak sites (DLSs) for Babuk Bjorka, GD LockerSec, and Morpheus in January 2025, a new extortion group called Kraken and its DLS has been observed in February. Read on to find out what Cyjax knows so far about this new threat group.

In today’s digital landscape, cyber threats are evolving at an unprecedented pace, growing more sophisticated and harder to detect. With each passing day, businesses and individuals alike find themselves navigating an increasingly complex threat environment. This complexity isn’t just about the number of attacks, it’s about their evolving tactics, the widening attack surface, and the sheer difficulty of distinguishing real threats from background noise.

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found.