Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The financial industry is known for its rigorous and sometimes quirky data retention requirements that can challenge even the most seasoned security expert. For example, FINRA Rule 4511 requires members to "preserve for a period of at least six years those FINRA books and records for which there is no specified period under the FINRA rules or applicable Exchange Act rules." Keeping six years of records: That's no small feat. But it's certainly doable.

Financial institutions, such as banks and trading houses, have a strong interest in recording key transaction activity within their networks. In the face of daunting data storage requirements, many are finding that Corelight’s network metadata—notably metadata produced by Zeek—is the key to a simplified tracking and storage process. Many of our customers used to rely on packet capture (PCAP).

The World Economic Forum’s Global Cybersecurity Outlook 2025 Insight Report paints a bleak picture of what the year ahead holds for technology security teams worldwide. However, some industries are likely to be worse off than others.

Since its introduction into cybersecurity in the late 1980s as a tool for detecting unusual activity, artificial intelligence (AI) has grown in popularity and functionality, with a major surge of adoption happening in the past few years, thanks to its growing ability to perform tasks faster and more accurately than humans. However, AI has never operated in isolation; it has always relied on human input. And any advanced technology that requires human input can be used for both good and bad.

Standing privileges are a ticking time bomb in your cloud environment—and the threat might be closer than you think. Every user with continuous access represents a potential vulnerability, and the financial, reputational, and legal reputations can be severe. Stolen credentials were among the top three reasons hackers gain access to organizations’ systems.

Researchers at Barracuda observed a fourfold increase in ransomware threats last year, driven by increasingly sophisticated ransomware-as-a-service (RaaS) operations. “The developers behind RaaS platforms often have the time, resources, and skills to invest heavily in advanced and evasive toolsets and templates,” Barracuda explains.

Ever since OpenAI publicly released ChatGPT in late 2022, people have been predicting the end of programmers. Supposedly, AI can do anything programmers can do. While I’m not convinced all programmers are going away, I wouldn’t want to be a brand new programmer, and I do think the field is definitely going to change, if not significantly shrink over time. I’m not going out on much of a limb in saying this as almost everyone thinks this. Microsoft CEO Satya Nadella thinks this.

A KnowBe4 Threat Lab Publication Authors: Martin Kraemer, James Dyer, and Lucy Gee Much like sending a phishing email from a compromised account, cybercriminals can boost the deliverability and credibility of their attacks by leveraging legitimate platforms. Notably, there has been a growing proportion sent using the popular accounting software Intuit QuickBooks. Our Threat Research team has observed a 36.5% increase in the use of this platform since January 1, 2025.

A dynamic stack buffer overflow vulnerability in the Abseil C++ library (abseil-cpp) was autonomously identified through AI-enhanced fuzz testing using CI Fuzz’s AI Test Agent and has been fully addressed with a patch. This post dives into the vulnerability, its discovery, and its implications for systems relying on this widely-used library.

Incorrect configurations in digital systems represent a growing security threat, as even minor errors can help set up cyberattacks. These vulnerabilities arise when system, application, or network settings fail to follow security best practices, such as outdated default settings or failures in Cloud services, databases, or firewalls. These can expose your customers to serious risks, such as unauthorized access or theft of sensitive information.