Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On February 19, 2025, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint advisory to disseminate known Ghost (Cring)—(“Ghost”)—ransomware IOCs and TTPs identified through FBI investigation as recently as January 2025. Detailed information about this threat and the associated IOCs and TTPs can be seen in the advisory: Ghost (Cring) Ransomware.

Subdomain takeovers don’t happen because attackers are geniuses. They happen because DNS records get messy. It’s not exactly an exciting gig to track old services or clean up unused subdomains, but ignoring it creates a security hole you can’t afford. Microsoft discovered over 670 vulnerable subdomains in a single audit. On a larger scale, 21% of DNS records out there lead to unresolved content, and 63% of those throw ‘404 not found’ errors.

Developers don’t want to become experts at security, and slowing down for anything is a tough proposition. Security isn’t a problem that will just go away, though.

Unlock the full potential of your IT assets by streamlining operations, enhancing security, and driving organizational success with effective software inventory management.

Building secure applications is about more than just adding security features at the end of the development process. It’s about addressing vulnerabilities and threats as they arise and improving security continuously—right from the start. That’s the power of DevSecOps.

Innovation, specifically the evolution of technology, has always been about expanding what’s possible or simplifying today’s complexity – sometimes both. We saw this with the internet revolution, adoption of cloud computing, remote working, low-code/no-code, and now AI is fundamentally reshaping how teams operate. While these advancements bring opportunities for organizations and push people’s creativity to new limits, they also introduce new risks.

The Digital Operational Resilience Act (DORA) is one of the most significant cybersecurity regulations for financial institutions in the European Union (EU). Failure to comply can have massive consequences, including financial penalties and forced operational downtime, meaning achieving DORA compliance should be a priority for all EU financial institutions. Implementing a comprehensive API security strategy goes a long way toward ensuring compliance with DORA requirements.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Better get patching folks!.

Despite the industry's rapid growth, women account for only 25% of cyber security jobs globally as of 2022, with projections indicating that this could rise to 30% by 2025. However, leadership roles remain markedly underrepresented, particularly in the UK, highlighting persistent gaps in diversity.

If you’re considering a private storage solution for your files online, you may have heard the term zero-knowledge encryption (ZKE). ZKE stands out from other cloud providers because it emphasizes privacy. By choosing cloud storage with zero-knowledge encryption, you are given full control over the security and privacy of your files, and you will protect them from companies like Google, who use your data for profit or to train their AI models.