Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As Change Your Password Day rolls around on 1st February, it’s a great opportunity to highlight the importance of secure password practices. While traditional advice has often encouraged frequent password changes, this approach has been reconsidered by cybersecurity experts, including the National Institute of Standards and Technology (NIST). Modern best practices now recommend focusing on creating strong, memorable passwords and using multi-factor authentication (MFA) to enhance security.

CrushFTP—a Java-based, multi-protocol file-transfer server—ships with an Amazon S3–compatible API.

As AI becomes deeply integrated into critical business operations and adopted by increasing numbers of departments and employees, the volume and sensitivity of data flowing into these systems has grown exponentially. Companies now face a dual challenge: harnessing AI's potential while managing the substantial data risks it introduces.

In cybersecurity, speed has always been a big deal. How quickly can you detect an incident? How fast can you respond? But in the rush to act fast, many teams overlook what matters most. Are we actually solving the problem? Incident response is not just about being fast. It's about being effective. It's about making sure the threat is fully understood, resolved, and prevented from coming back.

Law firms manage a vast amount of sensitive information, from merger deals and criminal evidence to intellectual property and personal data, making them prime targets for hackers and malicious insiders. Security breaches can lead to reputational losses, remediation costs, and penalties. That’s why strict IT requirements regulate cybersecurity for law firms.

SC Media and SC Media Europe have each named Trustwave's Managed Detection and Response (MDR) solution as a finalist for the publication's Best Managed Security Service awards. The 2025 SC Awards were judged across 33 specialty categories by a distinguished panel of cybersecurity professionals, industry leaders, and CyberRisk Alliance CISO community members.

Threat actors continue to exploit SMS using social engineering, Node.js misuse results in malware and malicious payload delivery, and fake PDF converters help deliver malware.

When I got the assignment to attend KubeCon 1st of April I thought it was an April prank, but as the date got closer I realized—this is for real and I’ll be on the ground in London at the tenth anniversary of cloud native computing. I’ve seen a lot of tech events during my years in the industry while trying not to get replaced by AI and I have to say this one stands out! Image source: CNCF YouTube Channel Here is my recap of KubeCon + CloudNativeCon Europe 2025.

The Digital Operational Resilience Act (DORA) is a critical regulatory framework introduced by the European Union to enhance the digital resilience of the financial sector. It mandates a uniform set of standards for ICT risk management frameworks, digital resilience capabilities, and third-party service oversight. Enforceable by European supervisory authorities, DORA ensures that all covered entities can respond to and recover from major ICT-related incidents, including cyber attacks.

ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software updates, or fraudulent security prompts.