A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.

Today, we announced the exciting news that Snyk has acquired Probely, a fast-growing modern provider of API Security Testing and Dynamic Application Security Testing (DAST). With this addition, Snyk now offers a full range of development and application security solutions, with customers immediately benefiting from a broader range of developer friendly testing techniques.

Few industries evolve as rapidly as technology—and the world of cybercrime is no exception. While businesses may hesitate to adopt new technologies due to regulatory pressures or security concerns, threat actors in the cybercrime space – who are free from ethical scruples or legal worries – are constantly innovating. This trend has only accelerated with the rise of Generative AI, which has democratized cybercrime by enabling attackers of all skill levels to launch sophisticated attacks.

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

PCI DSS is a set of requirements that is applied to every small and large organization that accepts, stores, processes, or transmits cardholder data. In particular, PCI DSS for SaaS companies is essential, as these platforms frequently handle sensitive customer information and must adhere to the latest security standards. In 2024, the updated version of PCI DSS 3.2.1, PCI DSS v4.0, became mandatory after being officially released on March 31, 2022, allowing organizations a transition period.

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. In July, the UK's new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested.

As we discussed in the first article in this series, there are many Internet-exposed control systems, but they are very different from traditional IT systems and require a different security approach. With these systems being so critical and controlling processes that can potentially lead to loss of life if they fail, what is being done to tackle this issue? In this article I’ll dive into this and more, looking at.