Expert analysis
Aim for crypto-agility, prepare for the long haul
While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological …
AI security posture management will be needed before agentic AI takes hold
As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing …
Scam Yourself attacks: How social engineering is evolving
We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in …
Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?
The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a …
A humble proposal: The InfoSec CIA triad should be expanded
The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may …
This is the year CISOs unlock AI’s full potential
In 2025, CISOs will have powerful new capabilities as generative artificial intelligence (GenAI) continues to mature. Evolving beyond providing answers to questions, GenAI …
Time for a change: Elevating developers’ security skills
Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, …
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
January 2025 Patch Tuesday is now live: Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Welcome to 2025 and a new year of patch excitement! In my December …
The SBI fake banking app shows that SMS authentication has had its day
As a company fortunate enough to have and maintain our own pentesting team, we often do outreach with other organizations to assist with or provide our expertise in offensive …
Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd
As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working …
Why an “all gas, no brakes” approach for AI use won’t work
Machine learning and generative AI are changing the way knowledge workers do their jobs. Every company is eager to be “an AI company,” but AI can often seem like a black box, …
Making the most of cryptography, now and in the future
Enterprise cryptography faces risks beyond just the advent of quantum computers. For starters, there is no guarantee that the traditional algorithms have not been broken. …
Featured news
Resources
Don't miss
- Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
- Why security culture is crypto’s strongest asset
- Why remote work is a security minefield (and what you can do about it)
- Trump orders revocation of security clearances for Chris Krebs, SentinelOne
- FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)