Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this week’s episode of The Future of Security Operations podcast, I'm joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation. Josh and I discuss.

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024. As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year.

Ransomware has evolved from a distant “I hope it doesn’t happen to us” threat to an insidious, worldwide crisis. Among the sectors most affected is manufacturing, which has found itself more and more in attackers’ crosshairs. Manufacturing has long viewed itself as immune to digital crime, but ransomware attackers have belied this belief.

Let’s face it: The cloud has become the go-to platform for modern infrastructure—and for good reason. Scalability, flexibility, and speed are hard to beat. But as organizations increasingly rely on the cloud to run their critical operations, the threat landscape is evolving just as fast. And attackers? They’re getting smarter, stealthier, and more cloud-savvy by the day. That’s why monitoring cloud network traffic is no longer optional—it’s essential.

Today, Kovrr, the leading global provider of on-demand cyber risk quantification (CRQ) solutions, announced the launch of its CRQ-powered cyber risk register, a first-of-its-kind SaaS-based tool designed to provide security and risk managers (SRMs) with quantified insights that enhance cyber governance, risk, and compliance (GRC) initiatives.

As our reliance on digital devices and technologies has increased, so have concerns about the negative effects of excessive screen time on mental and physical health. As a result, many people are choosing digital detox as a structured way to disconnect, improve well-being, and have greater control over their digital footprint.

Kroll continues to observe widespread attempted initial access through CLEARFAKE via fake CAPTCHA pop-ups across a wide range of industry sectors. As detailed in previous Kroll reporting, CLEARFAKE is a malicious in-browser JavaScript framework deployed on compromised webpages as part of drive-by compromise campaigns. Although CLEARFAKE continues to show the same themes surrounding its use alongside fake CAPTCHA pop-ups, there are also a wide range of nuances that have appeared in the past few months.