%term

Paying the Ransom: A Short-Term Fix or Long-Term Risks?

Dec 3, 2025 By Emma Stevens In BitSight

According to our 2025 State of the Underground report, ransomware attacks rose by nearly 25% in 2024, and the number of ransomware group leak sites jumped 53%. This surge sets the stage for a critical question: if compromised, should you pay ransomware demands or not? The stakes are enormous, including downtime, data loss, brand damage, and legal risk all hang in the balance.

Read Post

BitSight

Read more about Paying the Ransom: A Short-Term Fix or Long-Term Risks?

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

Dec 3, 2025 By Karl Sigler In Trustwave

Sha1-Hulud is back with a new evolution of its supply-chain attack that targets development environments via Node Package Manager (npm). npm is a very popular package manager for Node.js that provides millions of predeveloped packages of code to be used by JavaScript developers for access to millions of packages. This campaign trojans unsecured npm packages with malicious code that is automatically executed when developers using that package update to the trojaned version.

Read Post

Trustwave

Read more about Sha1-Hulud: The Second Coming of The New npm GitHub Worm

KnowBe4 Is a Leader In the Gartner Magic Quadrant for Email Security For the Second Consecutive Year

Dec 3, 2025 By Bex Bailey In KnowBe4

Following its launch in 2024, Gartner has now published the second Magic Quadrant for Email Security —and KnowBe4 is delighted to once again be named a Leader! Email security is critical for all organizations globally. Fueled by factors such as GenAI and crime-as-a-service toolkits, the phishing threat landscape continues to become more sophisticated at an alarming pace.

Read Post

KnowBe4

Read more about KnowBe4 Is a Leader In the Gartner Magic Quadrant for Email Security For the Second Consecutive Year

Inside the Agent Stack: Securing Agents in Amazon Bedrock AgentCore

Dec 3, 2025 By Lana Salameh In Zenity

In the first installment of our Inside the Agent Stack series, we examined the design and security posture of agents built with Azure Foundry. Continuing the series, we now focus on Amazon Bedrock AgentCore, a managed service for building, deploying, and orchestrating AI agents on AWS.

Read Post

Zenity

Read more about Inside the Agent Stack: Securing Agents in Amazon Bedrock AgentCore

The future of workflows: changing how we work across the enterprise

Dec 3, 2025 By Thomas Kinsella In Tines

This is the final post in a three part series examining the past, present and future of workflows. In the first two posts, we explored where workflows came from and what defines an intelligent workflow. This final article looks ahead. The goal is to understand how workflows will evolve in the coming years and why they will become central to how organizations run, make decisions, and adapt.

Read Post

Tines

Read more about The future of workflows: changing how we work across the enterprise

New Criminal Toolkit Abuses Browser Push Notifications

Dec 3, 2025 By KnowBe4 Team In KnowBe4

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” the researchers write.

Read Post

KnowBe4

Read more about New Criminal Toolkit Abuses Browser Push Notifications

2026 Phishing Threat Trends Report Preview

Dec 3, 2025 By KnowBe4 | Human Risk Management In KnowBe4

Ever wondered who answers when you call a cybercriminal? What happens in the aftermath of a Scattered Spider breach? Or why cybercriminals use legitimate platforms to send phishing emails? If so, this is the session for you. Join Jack Chapman, KnowBe4’s SVP of Threat Intelligence, as he pulls back the curtain on these topics. Jack will give you a first look at our latest Phishing Threat Trends Report, walking through attack scenarios and sharing the trends that are shaping the threat landscape.

View Video

KnowBe4

Read more about 2026 Phishing Threat Trends Report Preview

How deepfake scams are fueling a new wave of fraud

Dec 3, 2025 By Avast Blog In Avast

AI deepfakes are making fraud even more sophisticated. Learn how to stay safe from deepfake scams. Scammers are using deepfake technology to replicate your child's voice in a kidnapping hoax, catfish with AI-generated video dates, and impersonate executives to steal millions. Learn how to spot deepfake fraud, and use Avast Scam Guardian to help verify what's real before it's too late.

Read Post

Avast

Read more about How deepfake scams are fueling a new wave of fraud

Is PAM Really Solving Security Problems?

Dec 3, 2025 By Razorthorn Security In Razorthorn

Privileged access management has long aimed to control powerful accounts, yet many environments still carry excessive permissions and weak accountability. Password vaults, rotating credentials and stronger governance place controls around admin accounts, linking PAM, access control and identity security to limit damage when something goes wrong.

View Video

Razorthorn

Security

Read more about Is PAM Really Solving Security Problems?

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Dec 3, 2025 By Eric Schwake In Salt Security

The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.

Read Post