Proposed HIPAA Update Makes Yearly Pen Testing Mandatory

In January of this year, significant changes to the HIPAA Security Rule were proposed by the Office of Civil Rights for the Department of Health and Human Services (OCR). The proposed update to the HIPAA Security Rule, published on January 6, 2025, introduces a significant new requirement: all covered entities and business associates must conduct penetration testing of their electronic information systems at least once every 12 months.

The Importance of Triage in Incident Response

Gamers of a certain age likely remember the video game Asteroids. You played as a little triangular spacecraft shooting at big space rocks that started traveling towards you slowly at first, then gained speed. As you revolved around trying to protect yourself by shooting them, you inevitably had to make some rapid decisions about which asteroids would harm your ship the most and which ones you could potentially ignore.

Web API Authentication and Authorization Step By Step

In an era where APIs are the connective tissue of enterprise ecosystems, authentication and authorization can no longer be treated as mere checklist items. They must become strategic disciplines—crafted thoughtfully to align security with business velocity, regulatory expectations, and evolving threat landscapes.

A Guide to Fintech Security

Fintech security refers to the protocols, technical controls, and tailored policies that protect financial technology systems, software, and customer data from cyber threats. It ensures confidentiality, integrity, and availability across digital financial services through systems designed to prevent fraud, protect transactions, and detect security events before they cause irreversible harm.

Risk Assessment: An Expert Guide

Businesses are at risk of cyberattacks every day. Without careful scrutiny, these threats result in data loss, financial loss, and reputational damage. A comprehensive risk assessment enables the identification and mitigation of vulnerabilities in advance. This guide leads you through the process of performing a risk assessment, defines pain points with workable solutions, and provides you with security tools to improve your overall security posture.

Why Should My Company Adopt a PAM Solution?

Your company should adopt a Privileged Access Management (PAM) solution to reduce security risks, prevent unauthorized access and gain more control over who can access sensitive data and systems. According to Keeper Security’s Insight Report on Cloud-Based Privileged Access Management, 88% of companies in the U.S. are seeking a cloud-based PAM solution to combat advanced cyber attacks.

SaaS Permissions: Are Employees Granting Too Much Access?

Today, the average employee juggles dozens of SaaS apps—each requesting access with a quick click. But how many employees check whether those permissions (granted in moments to boost productivity) might be unlocking sensitive company data? While businesses thrive on the agility and collaboration SaaS tools provide, this convenience can create a frequently overlooked web of user-granted permissions.

Is Your API Security Just "Good Enough"? Why That's Not Enough Anymore

APIs serve as the foundation for modern digital innovation, supporting everything from mobile applications to intricate business integrations. However, as their numbers soar, with many companies experiencing annual growth rates of 50-100%, they have also become a significant target for cyber attackers. Relying on "good enough" API security could leave your most vital assets perilously unprotected.

Understanding the U.S. Cloud Act: Impact on Compliance, Agreement, and Data Protection

The complex nature of the U.S. CLOUD Act (CLOUD Act) presents far-reaching implications for global data governance. In this article, we explore how this pivotal legislation is reshaping compliance requirements, transforming privacy frameworks and challenging traditional concepts of data sovereignty, as well as strategies and technologies to ensure compliance.