The EU’s Digital Operational Resilience Act (DORA) has just turned a year old. This regulation represented a fundamental shift in how the financial sector manages ICT risk, moving beyond traditional compliance to demand continuous, demonstrable digital operational resilience. A year on, the focus has changed. Organizations can no longer just avoid cyber incidents. They need to prove they can withstand, respond to, and recover from disruptions quickly and effectively.

Whisper Leak targets remote language models, @acitons/artifact targets GitHub Actions users, and Quantum Route Redirect simplifies phishing.

Remember the early days of remote work? We traded our cubicles for kitchen tables and suddenly, our homes became our headquarters. This shift to the Hybrid Workforce has been incredible for flexibility, but let’s be honest: it tossed the old corporate security playbook out the window. The old way was easy: a big firewall at the office door, and you were safe. Now, that “door” is every employee’s home router, every personal laptop, and every late-night click when fatigue sets in.

Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes that not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.

Building trust is critical for today’s most ambitious businesses. Why? Because companies viewed as trustworthy grow up to four times faster. Yet earning and proving trust remains harder than ever. ‍ As organizations scale, their attack surfaces grow—and so do their tech stacks. Every new tool meant to increase security often fragments it, leaving teams buried in overhead and blind spots.

Identifying and redacting personally identifiable information (PII) is a critical need for enterprises handling sensitive data. Over 1000 NLP models and tools claim to solve this problem, but an infinite number of options opens a paradox of choice. We compiled this comprehensive comparison that examines ten notable PII detection solutions – their features, use cases, pros/cons, and reported success rates.

The best part about my job is that I sometimes get to make some controversial statements. Well, as controversial as things can be in a niche area of cybersecurity like “what is a reasonable measure of vulnerability risk?” Along with my colleague Sander Vinberg we got to explore this question earlier this year at the second Annual VulnCon conference in Raleigh. Even though it’s only been held twice, it is quickly becoming one of my favorite conferences.

MSPs often rely on managed detection and response (MDR) integrations, which provides enterprise-grade security capabilities without the need for in-house analysts or complex infrastructure. As MSPs grow into medium-sized businesses, they typically expand into extended detection and response (XDR) integrations, giving greater visibility across multiple security layers (endpoints, networks and cloud) and more control over how they manage and respond to threats.