Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As a security leader, you face an inevitable daily reality: a flood of alerts pouring in from dozens of different tools. Risky sign-ins are flagged in Microsoft 365, weak passwords are pinged from a vault audit, and a separate report identifies which employees failed the latest phishing simulation. While all this information is valuable, most leaders are unable to connect these separate data points to paint a clear, cohesive picture of an individual user’s overall risk.

Ransomware attacks are surging, and Bitsight data shows just how dramatic the rise has been. Our cyber threat intelligence (CTI) researchers observed a nearly 25% increase in unique ransomware victims listed on leak sites in 2024.

Domain-name system (DNS)- based cyber attacks are becoming increasingly complex, and AI will only make managing them even more challenging. According to a recent report, Chief Information Security Officers (CISOs) anticipate a tumultuous season of cyber threats, with low confidence in their abilities to defend against them effectively.

Trustwave SpiderLabs' upcoming report, the 2025 Trustwave Risk Radar Report: Technology Sector, will be released on June 25 and will delve into the threats in the technology industry and how to stay secure. The report, an update on the team’s 2024 Technology Threat Intelligence Briefing and Mitigation Strategies, provides a comprehensive analysis of novel cybercriminal tactics and techniques, identifying the top trends that significantly affect the technology industry.

The cybersecurity landscape has reached a turning point. In this article, George Patsis, CEO of Obrela, challenges the traditional, tool-centric approach to cyber defense and goes through Obrela’s ground breaking approach to: real-time risk management. With cyber threats growing more complex and unpredictable, organizations must shift from reactive threat detection to a context-aware, business-aligned risk management.

The rise of generative AI has fundamentally changed how we work, create, and collaborate. But as organizations rush to integrate AI tools into their workflows, they're inadvertently creating entirely new categories of data risk that traditional security measures weren't designed to handle.

Cybersecurity weaknesses span both software and hardware systems, creating numerous opportunities for exploitation. Among the most common access vectors leveraged by threat actors are phishing attacks and Common Vulnerabilities and Exposures (CVEs). When left unpatched, CVEs can pose significant risks to an organization’s systems, exposing sensitive data and operational assets to potential compromise.

The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.

Your IT department just sent out its annual reminder to complete security awareness training. Employees dutifully clicked through their training modules, passed a short quiz, and checked off the compliance box for another year. Ask yourself, does this process really give you confidence that your organization is prepared to dispel today’s security threats? Well, the odds aren’t in your favor.

I hear a lot these days about SBOMs and how they are going to be the key to supply chain security accountability, to even include a Presidential Executive Order mandating SBOMs in the procurement process for federal agencies. There are multiple areas of research going on in this area, such as this Academic SBOM Repository. But before we get too far down the road, let’s get one thing straight: SBOM isn’t going to save us. It’s a transparency tool, not a solution.