Protecting PII has never been more crucial. In today’s digital world, where data breaches are rampant, ensuring PII data security is essential to maintain trust and compliance with regulations like GDPR and CCPA. PII protection safeguards sensitive personal information, such as names, addresses, and social security numbers, from cyber threats, identity theft, and financial fraud.

In our previous round-up of security research for 2023, we mentioned our surprise at the large volume of 29,000 vulnerabilities that were reported two years ago. But that didn’t prepare us for the astounding 40% increase, reported by Cyber Press, resulting in over 40,000 CVEs that were published over the past year in 2024.

Our recent Africa Cybersecurity Awareness survey has revealed a startling surge in cybersecurity concerns among African users, with 58% of respondents expressing high levels of worry about cybercrime - a figure that has nearly doubled from 29% in 2023. The fear is not unfounded. As highlighted by Interpol's African Cyberthreat Report 2024, the continent has witnessed a significant uptick in cybercrime, along with its financial and social repercussions.

The release of the OWASP Top 10 for LLM Applications 2025 provides a comprehensive overview of the evolving security challenges in the world of Large Language Models (LLMs). With advancements in AI, the adoption of LLMs like GPT-4, LaMDA, and PaLM has grown, but so have the risks. The new 2025 list builds upon the foundational threats outlined in previous years, reflecting the changing landscape of LLM security.

Researchers at Zimperium warn that a large phishing campaign is impersonating the US Postal Service (USPS) to target mobile devices with malicious PDF files. The goal of the campaign is to direct users to a spoofed USPS website designed to harvest personal information. “The investigation into this campaign uncovered over 20 malicious PDF files and 630 phishing pages, indicating a large-scale operation,” the researchers write.

As a former black hat hacker, social engineering and phishing concepts are not new to me. I have used these techniques in my previous life, so I know their effectiveness. Having spent years immersed in the intricacies of social engineering, I’m always looking for new twists on this age-old technique.

You might have visited a website and seen a warning that says: “Your connection is not private.” This often happens when a website’s security certificate has expired. It is a small oversight that can harm a website’s reputation and make visitors think twice before proceeding. For website owners, managing digital certificates manually can be a real challenge. To simplify this process, the ACME Protocol was developed.

Building AI and LLM inference and integrating it in your environment are major initiatives, and for many organizations, the most significant undertaking since cloud migration. As such, it’s crucial to begin the journey with a full understanding of the decisions to be made, the challenges to overcome, and the pitfalls to be avoided along the way.

As a former federal CISO, I’ve observed a persistent and dangerous misconception within government agencies: the belief that smart card authentication eliminates the need for enterprise password and Privileged Access Management (PAM) solutions. This assumption creates critical security vulnerabilities that deserve closer examination.

‍Managing risk is not an isolated process; it involves a series of coordinated efforts, sometimes spanning across teams, to identify threats, mitigate vulnerabilities, and ensure the organization remains resilient.