Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The finance and banking sector across Europe, the Middle East, and Africa (EMEA) faces extraordinary cybersecurity challenges, according to KnowBe4’s Cyber Risk in Finance and Banking Across EMEA report. While digital transformation has revolutionized operations and customer engagement, it has also created vulnerabilities that threaten the stability of the entire financial system.

In recent weeks, the UK government has announced the introduction of its new Cyber Security and Resilience Bill. The bill aims to strengthen cyber defences for organisations that fall within the scope of critical national infrastructure (CNI), including the NHS, energy, water and transport sectors, ultimately making these industries more resilient to increasing cyber threats.

Between 1:48pm ET on October 29 and 6:53pm ET on October 30, 2025, KnowBe4 threat analysts observed a high volume of phishing emails detected by KnowBe4 Defend that were sent from the legitimate domain of one of the world’s largest sportswear brands.

1.8X, that’s how much cloud vulnerabilities have skyrocketed over the past year, fueled not just by attackers but by the routine tweaks teams make every day. Modern vulnerability scanners were built to find everything that looks risky. They just never learned to tell what actually is. Dashboards lit with thousands of “critical” alerts, endless CSVs, and reports that read like alarm bells on repeat. Yet less than 10 percent of those alerts ever lead to a real exploit.

Once again, the npm supply chain has been compromised, putting developers relying on these vital open source components at risk. On November 24th, a sophisticated attack that borrows techniques from the Shai-Hulud malware used in the npm hijacking this past September was discovered. This is not an isolated incident. It’s a continuation of an existing campaign that is now abusing CI/CD pipelines, and GitHub automation to spread faster and steal more secrets than before.

Innovation has always been the engine of American advancement. With the launch of the Genesis Mission, the White House is signaling a new era of AI-accelerated scientific discovery. This executive order directs the Department of Energy to build an integrated, national-scale AI platform designed to unlock scientific breakthroughs across biotechnology, energy, materials, quantum systems, and beyond.

A newly disclosed vulnerability, CVE-2025-61757, exposes Oracle Identity Manager (OIM) to unauthenticated remote code execution (RCE). The flaw affects OIM versions 12.2.1.4.0 and 14.1.2.1.0 and carries a CVSS 9.8 Critical rating. CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog — meaning active exploitation is confirmed.

Security leaders spent most of the past year testing AI driven security automation. Many discovered that the promise of fully autonomous SOC operations collided with the reality of hallucinations, opaque recommendations, and inconsistent outcomes. McKinsey research now shows that more than 80 percent of organizations have not realized meaningful results from gen AI programs.

Brazil has formalized a comprehensive framework for virtual asset service providers (VASP). This is the moment when the rules become operational, enforceable, and aligned with the scale of activity taking place in the country. For institutions already active in Brazil and those evaluating market entry, this is a shift that raises expectations and lowers uncertainty at the same time.

For many organizations, managed detection and response has become an essential service. With threats getting more deceptive and spreading at a faster rate, most IT/security teams are unable to investigate every suspicious event due to a lack of time or resources. This is why many organizations explore MDR, but they often don’t know how much managed detection and response would cost.