Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
How the rise in identity crimes and cyberattacks impacts small businesses
The Identity Theft Resource Center (ITRC) has published a report on the impacts of identity crimes and cyberattacks on small businesses. There are 42 million solopreneurs, …
Ransomware attacks increased 148% in Q3 2021, showing no sign of slowing
SonicWall recorded a 148% increase in global ransomware attacks through the third quarter (Q3) of 2021. With 470 million ransomware attacks logged by the company this year to …
While businesses are ramping up their risk mitigation efforts, they could be doing more
Zurich North America and Advisen have released a survey of corporate risk managers and insurance buyers revealing current views about information security and cyber risk …
Only 2% of IT practitioners are confident in their organization’s ability to reduce API security issues
Cloudentity announced a report conducted by PulseQA, revealing that in the last 12 months, at least 44% of respondents expressed substantial issues concerning privacy, data …
Trojan Source bugs may lead to extensive supply-chain attacks on source code
Cambridge University researchers have detailed a new way targeted vulnerabilities can be introduced into source code while making them invisible to human code reviewers, …
Active Directory control: How adversaries score even bigger goals via attack paths
Microsoft Active Directory and Azure Active Directory are directory services products used for identity and access management at most major enterprises all over the world. All …
What is wrong with developer security training?
“Turn a developer into a hacker” is a commonly heard call. There are many online courses and trainings that ostensibly teach developers how to write code that’s …
Advice from a young, female CISO: Key lessons learned
Ellen Benaim, the newest CISO at Copenhagen-based SaaS provider Templafy, started her career at the company in June 2018 as technical support, but from the moment she sat down …
Cybersecurity threat landscape growing in sophistication, complexity and impact
The 9th edition of the ENISA Threat Landscape (ETL) report released by the European Union Agency for Cybersecurity highlights the surge in cybercriminality motivated by …
40% of organizations suffered a cloud-based data breach in the past 12 months
Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even …
80% of organizations plan to increase spending on cybersecurity posture management
80% of IT and security professionals plan to increase spending on their cybersecurity posture management over the next 12-18 months, according to a Balbix survey. …
Featured news
Resources
Don't miss
- European police busts Ukraine scam call centers
- SoundCloud breached, hit by DoS attacks
- The messy data trails of telehealth are becoming a security nightmare
- What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts
- Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)