The External Attack Surface Management (EASM) domain is rapidly growing in importance for businesses across the globe. Organizations must strive to understand the true scope of their attack surface as seen through the eyes of a potential hacker. This is a foundational step in any risk program that CISOs are implementing.

In Continuous Threat Exposure Management (CTEM), risk assessment acts as the central thread that ties all components together, turning raw threat intelligence, vulnerability detection, and external attack surface monitoring into actionable mitigation strategies.

When thinking about cybersecurity, we envision malicious actors working in dark basements, honing their tools to invent cunning new ways to breach our defenses. While this is a clear and present danger, it's also important to understand that another hazard is lurking much closer to home - the insider threat. These attacks have devastated entities in all sectors, with severe repercussions. These incidents can vary from straightforward acts of fraud or theft to more elaborate sabotage attempts.

enabling businesses to proactively uncover vulnerabilities that could otherwise be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

The Digital Operational Resilience Act (DORA) is set to transform how financial institutions across the European Union manage and mitigate ICT (Information and Communications Technology) risks. With the official compliance deadline in January 2025, organizations are under pressure to ensure their systems can withstand and recover from disruptions—an urgent priority in an increasingly digitized financial ecosystem.

Recently, Google made headlines with the announcement of its new quantum chip, Willow, marking another step forward in the fascinating world of quantum computing. The technology promises to solve problems that are currently intractable for classical computers, fueling excitement—and a fair bit of concern—about its implications for cryptography, particularly the widely used RSA encryption.

Cybersecurity involves anticipating threats and designing adaptive strategies in a constantly changing environment. In 2024, organizations faced complex challenges due to technological advances and sophisticated threats, requiring them to constantly review their approach. For 2025, it is crucial to identify key factors that will enable organizations to strengthen their defenses and consolidate their resilience in the face of a dynamic and risk-filled digital landscape.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Quite a swish phishing attack. Someone, somewhere will inevitably fall for it though.

Recent lawsuits have revealed a critical privacy concern for healthcare providers – the sharing of patient data with Facebook through tracking pixels. We wrote this article to help your security and privacy teams assess their risk, identify key stakeholders, and understand the urgency of this issue.