The Digital Operational Resilience Act (DORA) is one of the most significant cybersecurity regulations for financial institutions in the European Union (EU). Failure to comply can have massive consequences, including financial penalties and forced operational downtime, meaning achieving DORA compliance should be a priority for all EU financial institutions. Implementing a comprehensive API security strategy goes a long way toward ensuring compliance with DORA requirements.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Better get patching folks!.

Despite the industry's rapid growth, women account for only 25% of cyber security jobs globally as of 2022, with projections indicating that this could rise to 30% by 2025. However, leadership roles remain markedly underrepresented, particularly in the UK, highlighting persistent gaps in diversity.

If you’re considering a private storage solution for your files online, you may have heard the term zero-knowledge encryption (ZKE). ZKE stands out from other cloud providers because it emphasizes privacy. By choosing cloud storage with zero-knowledge encryption, you are given full control over the security and privacy of your files, and you will protect them from companies like Google, who use your data for profit or to train their AI models.

Read also: Dutch police dismantled 127 servers of bulletproof hosting Zservers, India busts cybercriminal syndicate, and more.

The foreach loop in PowerShell enables you to iterate through all the items in a collection and execute a block of code for each element. For example, you can use a foreach loop to create a list of all files in a directory for an audit, display all the processes running on the system, or move old files to an archive. This article details the syntax of the PowerShell foreach loop and explores common use cases, complete with example scripts.

Like me, I’m sure you’re keeping an open mind about how Generative AI (GenAI) is transforming companies. It’s not only revolutionizing the way industries operate, GenAI is also training on every byte and bit of information available to build itself into the critical components of business operations. However, this change comes with an often-overlooked risk: the quiet leak of organizational data into AI models.

Today, fraud schemes don’t follow predictable patterns. Enterprises are up against AI-generated deepfake attacks, multi-stage social engineering, and impersonation scams that exploit gaps in traditional fraud prevention strategies. And they know it. According to PwC, 59% of enterprises completed a fraud risk assessment in the 12 months prior to June 2024, showing they take fraud protection seriously. But beyond knowing your risks, there’s a need for better ways to tackle and mitigate them.

On February 19, 2025, Horizon3.ai published proof-of-concept (PoC) exploit code and technical details for critical Ivanti Endpoint Manager (EPM) vulnerabilities disclosed in January. The vulnerabilities are tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, allowing a remote unauthenticated attacker to leak sensitive information via a path traversal. They share the same underlying issue, which results from an unauthenticated endpoint failing to validate input.