Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Many of our customers ran into an issue where they’d receive questionnaires via third-party vendor portals and would need to import them into the Vanta app. Since these portals lacked spreadsheet export, their only option was to manually copy and paste questions into a spreadsheet before uploading it to Vanta.

On October 11, 2025, Oracle released an emergency fix for a high-severity information disclosure vulnerability in Oracle E-Business Suite (EBS), tracked as CVE-2025-61884. The flaw exists in the Runtime UI component of Oracle Configurator and allows remote unauthenticated threat actors to access sensitive resources. Oracle has not confirmed a link between this vulnerability and the extortion emails received by some Oracle EBS customers from the Cl0p ransomware group in recent weeks.

Job scam texts are blowing up phones everywhere, and they’re only getting sneakier. Stay one step ahead by keeping the fakes out, and help keep your information safe with Avast Mobile Security. You’re in line for coffee when your phone buzzes: “Hi! We reviewed your profile for a remote job. $1,200/week, no experience needed! Text YES to learn more.” Looks tempting at first glance, right? But if your scam radar isn't going off yet, it should be.

A new report warns of a significant spike in SMS phishing (smishing) scams targeting younger Americans between 18 and 29 years old. The report, released by Consumer Reports, Aspen Digital and the Global Cyber Alliance, also found that 30 percent of people who experienced a cyberattack or scam this year said it began over a text message or a messaging app, compared to 20 percent last year.

Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee. Job seekers are particularly vulnerable to scams, since they’re expecting to receive unsolicited messages and are more likely to overlook red flags. The researchers offer the following advice to help users avoid falling for these attacks: The researchers conclude that awareness is an essential layer of defense against social engineering attacks.

We’ve come a long way. We’ve deconstructed the problem, explored the complexity of humans, and laid out a strategic framework and a practical map—all of which can be explored in more detail in our Human Risk Management (HRM) whitepaper. Now for the final piece of the puzzle: the engine. A strategy this dynamic and personalised can't run on spreadsheets and manual effort alone. It needs to be powered by an intelligent, integrated platform.

The Digital Operational Resilience Act (DORA) is a legislative measure of the European Union designed to enhance the digital operational resilience of financial institutions. It has been in effect since January 17, 2025. Drafted to ensure that banks, insurance companies, and other financial intermediaries, as well as stock exchanges and trading platforms, can withstand, respond to, and recover from ICT (Information and Communication Technology) disruptions.