Since at least May 2023, a financially motivated cyber-crime network has been operating a phishing campaign primarily abusing Google Ads, and occasionally Microsoft Ads to drive traffic to credential-harvesting websites. This campaign – part of which was named “Payroll Pirates” by SilentPush – has remained active, with periodic updates to tactics and target rotations.

Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim into copying and pasting a malicious command, then running it on their computer. In the instance observed by Push Security, the phishing page has a pop-up box that appears to be from Cloudflare, instructing the user to press the keyboard shortcuts necessary to open a terminal and run a command.

Penetration testing and auditing are both methods of gaining assurance, but they operate from different angles. A pentest evaluates how well security controls stand up to real-world attack scenarios, while an audit examines whether those controls are designed, implemented, and maintained according to policy or recognised standards.

Queen City Con 2025 highlighted identity, cloud risk, and detection gaps. Learn why defaults and identity sprawl, not zero-days, are still the greatest security threat.

In Teleport 18, we’ve added official support to import Amazon EKS Audit Logs into Teleport Identity Security. This capability allows teams to have visibility into actions performed on Amazon EKS clusters when those actions were not executed via Teleport. Amazon EKS Audit Logs in Teleport Identity Security will be generally available in Teleport 18.3, coming November 2025. Your browser does not support the video tag.

Back in 2022, PCI DSS v4.0 set the stage for a new era of payment security. For the first time, it asked organizations to look beyond their servers and into the browser itself. Then, on April 1, 2025, the “future-dated” requirements, 6.4.3 and 11.6.1, moved from guidance to mandate, decisively shifting attention to mitigating client-side risk. In plain English, the spotlight is now on what’s happening in the browser.

Earlier this week, The Australian broke the news that the Cyber Touhan hacking group stole classified plans for Australia’s new infantry fighting vehicles, a $7B AUD procurement program, in a massive cyber-attack targeting 17 Israeli defence contractors in the supply chain. The attack was carried out by targeting a downstream supplier, MAYA Technologies, exploiting vulnerabilities in their network and peripherals to gain access to sensitive data.

Building a great app used to be quite simple. Get a good team together, come up with exciting features, write the code, and get it out the door as fast as possible. All you needed was to make sure your product met user expectations, as well as compliance requirements like data protection, security, and privacy. The ethical stuff? That was often just a nice-to-have and maybe something for your legal team to check off. But those days are far gone.

Today, data is the engine of modern business. Yet, the threats to that engine — from sophisticated ransomware attacks and cloud misconfigurations to simple hardware failures — have never been greater. For organizations of all sizes, a reliable server backup strategy is more than an IT task — it’s a foundation for survival. Without truly reliable server backup solutions, a single incident can lead to catastrophic downtime, regulatory fines and permanent damage to your reputation.