Gang Files: Royal Ransomware
Adam Winston breaks down how attackers, including the Royal Ransomware Group, are moving below the endpoint to hit hypervisors and core infrastructure. It’s a blind spot too many overlook.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Tycoon 2FA Phishing Kit Grows More Sophisticated
Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.
From Vulnerability Management to Exposure Management: The Platform Era Has Arrived
AI has collapsed the vulnerability exploit lifecycle. Adversaries now discover, weaponize, and exploit exposures across hybrid environments in minutes — chaining together misconfigurations, unpatched systems, and stolen credentials to gain rapid access and move laterally across environments. For defenders, the speed of the adversary changes everything.
Digital estate planning: Protect what matters - even after you're gone
As our lives move increasingly online, it’s worth considering what happens to our digital selves after we’re gone. From social media accounts to crypto wallets, our digital footprint now extends far beyond the physical world. Make a plan for your digital legacy today.
API Gateway vs. API Security #apisecurity #cybersecurity #architecture #devsecops
Your API Gateway Is Not an API Security Solution Confusing API management with API security is a costly and dangerous mistake. An API Gateway is a traffic controller, but it has critical blind spots: It authenticates users but doesn't analyze their behavior for malicious intent. It routes traffic but doesn't inspect payloads for complex attacks. It manages access but can't detect business logic abuse.
Why IoT in Your Supply Chain Still Poses a Serious Cyber Risk
In today’s digital economy, every organization—whether a law firm, retailer, or financial services provider—is now part of someone’s critical infrastructure. A dangerous misconception persists: that Internet of Things (IoT) devices and Industrial Control Systems (ICS) are only concerns for industrial or manufacturing sectors. In reality, these technologies are quietly embedded in everyday operations across nearly every industry.
Cato CTRL Threat Research: Two Vulnerabilities in Anthropic's MCP SDK Enable OAuth Token Theft and Supply Chain Attacks
The SolarWinds supply chain attack in 2020 reminded the world how a single weakness in trusted software can have global consequences. That incident reshaped how organizations view software integrity and the importance of securing every stage of the development pipeline.
Cybersecurity vs Cyber Insurance: SMEs Need Both
This is why SMEs should align Cyber Essentials controls with cyber insurance to reduce risk, meet insurer expectations and avoid false trade-offs.
Weekly Cyber Security News 13/11/2025
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! An amazing fraud bust and outcome.
Cyber Insurance for SMEs: Reducing Premiums with Security
When it comes to cyber insurance for SMEs, many small and medium-sized enterprises believe that cyber insurance feels like an optional extra, not a necessity, something to worry about later. This risk-taking attitude is often driven by various common misconceptions: The opposite is often true. Smaller businesses are frequently seen as easier targets due to limited budgets, lean security teams, and less mature cyber defences.