Preparing for the Cyber Security and Resilience Bill (CSRB): Compliance Insights from the Field

I've spent the last few months talking to partners and prospects across EMEA about the upcoming Cyber Security and Resilience Bill, and there's a common theme: everyone knows it's coming, but most aren't sure where to start. The conversations usually begin with "Is this just another compliance checkbox?" and end with "How do we actually implement this without ripping out our entire infrastructure?" Here's what I've learnt from these discussions.

From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting

We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.

ED 26-01 | Mitigating F5 Device Vulnerabilities with Network Digital Twin Technology

Learn how Forward Enterprise enables federal agencies to rapidly respond to CISA Emergency Directive 26-01 through comprehensive network visibility, automated inventory, and continuous compliance verification.

Public Sector Ransomware Attacks Relentlessly Continue

In 2025, 36 years after the first ransomware attack was recorded, actors continue to zero in on the public sector, and there is no evidence they will slow down any time soon. In fact, our numbers suggest that ransomware attacks against government organizations are ramping up, causing crippling service outages, massive data loss, reputational damage, public distrust, and financial harm.

Alert: Watch Out For Phishing Attacks in the Wake of the AWS Outage

Cybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users. Attackers frequently exploit high-profile events to carry out social engineering attacks while people are confused or stressed, as these users are more likely to act without careful consideration.

Netwrix's Culture of Innovation - Unleashing AI

Netwrix’s culture of innovation thrives on curiosity, collaboration, and accountability. From integrating AI across development and customer experience to fostering cross-team creativity, innovation here moves sideways as much as it does down. During Innovation Week, leaders explore how AI and the 1Secure Platform are redefining data and identity security for the future.

Building Trust in the Digital Age: How Financial Services Can Balance Security and Speed

In the high-stakes world of financial services, trust is the cornerstone of every client relationship. But here's the challenge that keeps financial leaders up at night: how do you maintain the stringent security clients demand while delivering the rapid response they expect? It's a delicate balancing act that has become increasingly complex in our digital-first world. The reality is stark. A data breach can trigger a mass exodus, with 33% of clients saying they'd switch providers after a data incident.

How to Prevent Unauthorized Trackers and Cookies on Your Website

Every time someone clicks “accept cookies,” a new layer of risk begins. What appears to be a simple consent interaction can activate dozens of unseen third-party scripts that collect, share, or store user data beyond your control. For marketers, cookies power analytics and personalization. For privacy and security professionals, they often create compliance gaps and data-security blind spots.

The Shift in SOC Escalation: From Manual to AI-Powered

Patrick Orzechowski (also known as “PO”) is Torq’s Field CISO, bringing his years of experience and expertise as a SOC leader to our customers. PO is a seasoned security veteran with a deep understanding of the modern security landscape. You can find him talking to SOC leaders and CISOs from major brands at cybersecurity events around the world. Every SOC has an escalation process — but not every SOC has one that is truly effective.

Attackers Abuse Grok to Spread Phishing Links

Threat actors are abusing X’s generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by tricking Grok into thinking it’s answering a question, and providing a link in its answer. “In this attack campaign, threat actors circumvent X’s ban on links in promoted posts (designed to fight malvertising) by running video card posts featuring clickbait videos,” ESET says.