Who Do Romance Scammers Target?
Romance fraud is one of the most sophisticated cybercrimes affecting people online. Every year, thousands of people are exploited through their desire for human connection.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
How to Prevent Cross-Site Scripting (XSS) on Payment Pages
Many teams believe that cross-site scripting, or XSS, is a problem of the past. Modern frameworks promise built-in protections, and developers often assume the browser will handle the rest. The reasoning sounds logical: if React auto-encodes output, XSS can’t happen. However, XSS prevention doesn’t work on assumptions; it works on visibility. We’ve learned that XSS prevention is about maintaining continuous control over the browser environment where your application runs.
The Business Case for Investing in AppSec Tools
Relying on disjointed, manual security processes creates bottlenecks that delay software releases and increase business risk. As development accelerates, security teams struggle to keep pace, leading to a rise in security debt and a greater likelihood of breaches. Investing in the right AppSec tools is no longer a technical decision; it is a strategic business imperative.
Enhancing Disaster Recovery for Red Hat OpenShift with CloudCasa and Red Hat OpenShift on AWS (ROSA)
Building resilient infrastructure is a must for modern organizations operating across hybrid environments. As applications move between on-premises and the cloud, ensuring data protection and continuity becomes a key priority. Red Hat OpenShift offers a consistent platform for running containerized and virtualized workloads across hybrid environments.
Extending Zero Trust to Every Endpoint
Learn how to evolve your Zero Trust strategy with expert insights from LevelBlue. As organizations grow and face new compliance challenges, securing access to data and applications is more critical than ever. In this Zero Trust webinar, our cybersecurity experts explore how to build a unified, resilient Zero Trust framework using managed security services that combine endpoint security and network security.
Multitasking Employees Are Particularly Vulnerable to Phishing Attacks
Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.
If You Have Not Realized It, Vishing Is Really Taking Off
Fighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. KnowBe4 and the HRM industry have been warning about voice-based social engineering and phishing for decades. Some of the biggest and most notable hacks have long been based on it. Stories have often been told of brazen calls that resulted in big hacks.
The Lost Payload: MSIX Resurrection
MSIXBuilder transforms what was traditionally a complex, multi-tool process into a single automated workflow that mirrors actual attacker techniques. By automatically handling certificate lifecycle management, dependency resolution, and package signing, the tool removes the technical barriers that previously prevented security teams from creating realistic test scenarios. This means defenders can quickly generate both signed and unsigned MSIX packages to validate their AppXDeployment event log coverage, confirm detection rules, and build detection coverage that actually works against real-world threats.
An AI/ML Deep Dive with Luke Wolcott
AI is reshaping how we detect and stop cyber threats, but not always how headlines suggest. This, Luke Wolcott joins to unpack how real ML drives real defense.
How a Global Bank Nearly Eliminated Audit Response Time
Across the financial sector, compliance teams face rising expectations from regulators and customers alike. Agencies such as the SEC, OCC, FDIC, CFPB, and the European Banking Authority now demand proof of continuous compliance—not point-in-time reports. Yet most financial institutions still depend on spreadsheets, manual command-line checks, and tribal knowledge to validate security controls.