Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s threat landscape, the question is no longer “Will we be attacked?” but “How fast can we detect and respond when it happens?” The unfortunate reality is that many organizations struggle to detect threats in time—often because their tools operate in silos, their teams are overloaded with false positives, and they lack the necessary context to act swiftly and accurately.

With each new version of Windows Server released, comes new security risks. Whilst each update enhances functionality for users, it can sometimes come at the cost of new vulnerabilities. The Centre for Internet Security (CIS) Benchmarks serve as a security baseline, helping both individuals and companies implement best practices for a secure configuration.

Financial services can’t rely on manual review alone. Discover how unified data and explainable AI are helping firms detect risk, reduce cost, and stay ahead of evolving regulations. Financial services organizations are drowning in data. From emails and Bloomberg chats to WhatsApp messages and calls, the need to review communications data to detect potential misconduct and financial crime by employees and third parties is a mandated regulatory requirement for compliance and risk teams in 2025.

In today’s digitally driven world, cybersecurity is no longer just an IT concern, it’s a business imperative. Enter the Chief Information Security Officer (CISO): the executive responsible for overseeing an organisation’s information and cybersecurity strategy. From managing threats and risks to ensuring compliance and resilience, a CISO is critical in protecting a company’s digital assets and reputation.

Tanium plans to bring the power of autonomous endpoint management with real-time visibility to web browsers providing a stronger front against cyber-attacks.

On April 16, 2025, a critical moment unfolded in the cybersecurity world when the U.S. Department of Homeland Security’s funding for the Common Vulnerabilities and Exposures (CVE) Program, operated by MITRE, was set to expire. The CVE system is a globally relied-upon database for cataloging known cyber vulnerabilities and has been a cornerstone of vulnerability management for over 25 years since its public launch in 1999.

On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.

Update to attack framework announced to coincide with recognition as an industry standard The Open Worldwide Application Security Project (OWASP) announced today that the Business Logic Attack Definition Framework (BLADE Framework) has become The OWASP BLADE Framework Project. The name change reflects the acceptance of the attack framework as an OWASP project and recognition of the framework as an industry standard.

The second annual Remediation Operations Report from Seemplicity paints a clear picture: while organizations are investing more in security, they’re not necessarily getting faster or more effective at fixing what matters. This year’s data highlights a growing gap between strategic intent and day-to-day execution. Security leaders want to move faster, collaborate better, and prioritize smarter. But process bottlenecks and legacy workflows keep getting in the way.

A massive power outage struck significant portions of Portugal and Spain at 10:34 UTC on April 28, grinding transportation to a halt, shutting retail businesses, and otherwise disrupting everyday activities and services. Parts of France were also reportedly impacted by the power outage.