%term

Authenticate Users in Joomla Using the REST API: A Practical Guide for Developers

Dec 30, 2025 By Identity & Access Management (IAM) In miniOrange

Modern Joomla applications are no longer limited to traditional website workflows. Today, Joomla powers mobile apps, headless frontends, third-party integrations, and backend services that rely heavily on REST APIs. In all these cases, secure API authentication becomes a foundational requirement.

Read Post

miniOrange

Read more about Authenticate Users in Joomla Using the REST API: A Practical Guide for Developers

Stop secrets before they leave your laptop (Git hooks + ggshield install)

Dec 30, 2025 By GitGuardian In GitGuardian

Let's look at Git hooks, which is where ggshield really starts paying off in day-to-day developer workflow. Git hooks are built-in automation in Git. When certain events happen, like committing or pushing, Git checks for specific files inside the.git/hooks folder. If a hook file exists, Git runs it automatically. For example, if there’s a file named pre-commit, Git will execute it every time you commit.

View Video

GitGuardian

Read more about Stop secrets before they leave your laptop (Git hooks + ggshield install)

LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025

Dec 30, 2025 By LevelBlue In LevelBlue

Ransomware attacks increased by 17.2% percent year-over-year in 2025, with the group Qlin dominating the threat landscape, according to data generated by the LevelBlue SpiderLabs team. These attacks focused primarily on the manufacturing and technology sectors, with the US by far being the most targeted nation. 2025 continued the trend of yearly increases; however, over the last few years, the rate of attacks has somewhat slowed.

Read Post

LevelBlue

Read more about LevelBlue SpiderLabs: Ransomware Attacks Up 17% in 2025

EP 22 - Security at the speed of innovation: Breaking down legacy barriers

Dec 30, 2025 By CyberArk In CyberArk

How are defenders supposed to keep up when attackers move at the speed of AI? In this episode of Security Matters, host David Puner welcomes Rick McElroy, founder and CEO of Nexasure, for a candid conversation about cybersecurity’s breaking point. Together, they unpack the realities of defending organizations in an era of identity sprawl, machine risk, agentic AI, and relentless automation. Rick shares hard-won insights from decades on the front lines, challenging the myth of perfect defense and revealing why identity remains at the root of most breaches.

View Video

CyberArk

Read more about EP 22 - Security at the speed of innovation: Breaking down legacy barriers

2025 Data Security Insights and Resources to Prepare for 2026

Dec 30, 2025 By Irena Mroz In archTIS

Data security in 2025 was less about reacting to breaches and more about surviving in a world where data is everywhere, attackers are faster, and trust is fragile. While the core goal of protecting sensitive information hasn’t changed, how organizations approach security has evolved significantly.

Read Post

archTIS

Read more about 2025 Data Security Insights and Resources to Prepare for 2026

Third-Party Risk Management: Best Practices and Trends

Dec 30, 2025 By foresiet In Foresiet

In the quiet corners of the darknet, threat actors aren’t always looking for a way to break through your front door. Instead, they’re hunting for the “side door”—the niche cloud provider you use for analytics, the marketing firm with access to your customer data, or the logistics partner with a direct line into your ERP. As we move into 2026, Third-Party Risk Management(TPRM) has evolved from a periodic compliance exercise into a high-stakes game of digital chess.

Read Post

Foresiet

Read more about Third-Party Risk Management: Best Practices and Trends

New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Dec 30, 2025 By KnowBe4 Team In KnowBe4

Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.” The technique, which the researchers call “ConsentFix,” tricks victims into copying and pasting a localhost URL containing an authorization token, then pasting it into a phishing page.

Read Post

KnowBe4

Read more about New ConsentFix Technique Tricks Users Into Handing Over OAuth Tokens

Fraud Team Postmortems and Account Takeover Prevention

Dec 30, 2025 By Ezra M. In Memcyco

Fraud analysts know the pattern too well. After an account takeover incident, the postmortem confirms what happened. A stolen credential was used. A bot executed a replay. A mule account attempted a transfer. Yet the origin of the compromise remains unclear. The postmortem becomes an autopsy on a loss that already occurred. The core issue is the Window of Exposure.

Read Post

Memcyco

Read more about Fraud Team Postmortems and Account Takeover Prevention

What Happens When Outdated App Versions Circulate Unnoticed? How to Regain Control?

Dec 30, 2025 By Rucha Wele In Appknox

Most teams assume that once an update is released, the old version quietly disappears. But mobile distribution doesn’t work that way. Some app stores delay syncing updates. Others keep older APKs accessible. Third-party sites mirror binaries and never refresh them. Certain regions continue serving outdated versions weeks after security fixes go live.

Read Post

Appknox

Read more about What Happens When Outdated App Versions Circulate Unnoticed? How to Regain Control?

Supervised AI Is the Fastest Path to Better Threat Triage ROI

Dec 30, 2025 By Jeff Darrington In Graylog

Security operations teams are under sustained pressure. Alert volumes continue to rise, environments grow more distributed, and experienced analysts remain scarce. Much of the industry conversation around AI focuses on autonomy and fully automated response. That focus skips the most reliable efficiency gains available right now.

Read Post