The latest ENISA reports help inform about threat response and a more effective, risk-based approach to cybersecurity In December 2024, the European Union Agency for Cybersecurity (ENISA) released its first-ever report on the state of cybersecurity in the Union. The report, which was prepared in accordance with Article 18 of the NIS2 Directive, is a comprehensive, evidence-based overview of the cybersecurity ecosystem across EU Member States.

The rise in cyberattacks has become a pressing concern for organizations worldwide, threatening sensitive data, operational continuity, and trust. Cybercriminals are using increasingly complex strategies to attack vulnerabilities in systems and networks in a variety of organizations. By offering safe, segregated virtual networks in the cloud, Amazon Virtual Private Cloud (Amazon VPC) provides a strong defense against these attacks.

2024 has seen a significant uptick in the discovery and exploitation of zero-day vulnerabilities. These unpatched security flaws present a serious challenge to cybersecurity teams, as attackers can exploit them before any patches are available. As a result, zero-day vulnerabilities have become a go-to tool for cybercriminals aiming to infiltrate enterprise networks.

As 2025 progresses into its second week, it has not taken long for a new data-leak site (DLS) for an extortion group to emerge. December 2024 saw the emergence of LeakedData, FunkSec, and Bluebox. This week, the new group goes by the name Morpheus. Read on to find out what Cyjax knows about this new entrant into the extortion scene so far.

Docker security refers to the build, runtime, and orchestration aspects of Docker containers. It includes the Dockerfile security aspects of Docker base images, as well as the Docker container security runtime aspects—such as user privileges, Docker daemon, proper CPU controls for a container, and further concerns around the orchestration of Docker containers at scale. The state of Docker container security unfolds into 4 main Docker security issues.

Credential stuffing is a type of cyberattack where attackers use stolen username and password combinations, often obtained from previous data breaches, to gain unauthorized access to multiple online accounts. The attacker automates the process of trying these combinations across various websites, hoping that users have reused the same login details.

On September 19th, 2024, a critical vulnerability (CVE-2024-40748) was discovered in Joomla version 5.1.4, exposing their website to stored cross-site scripting (XSS) attacks. Stored cross-site scripting (second-order or persistent XSS) arises when an application receives data from an untrusted source and unsafely includes it within its later HTTP responses. This could lead to attackers injecting malicious scripts into the website, which would be executed whenever a user visits a specific page.

Traditionally, approaches to Attack Surface Management (ASM) went something like this: A business scanned its own IT estate to discover assets and understand what its attack surface actually included. We can think of this as Phase I. Following the completion of an asset inventory, they assessed each of their assets to identify risks and vulnerabilities, such as open ports, certificate issues, DNS misconfigurations, and more.

It’s becoming all too common these days: ransomware hitting another organization. However, most people don’t know exactly what happens when ransomware is found and what must be addressed. What makes it even more challenging for healthcare is that the data that can be stolen, like personal health information, is much more valuable than credit card numbers.