The start of a new year is always a good time to take stock. In cybersecurity, one perennial problem - the persistence of “vintage” open source vulnerabilities like Heartbleed and Shellshock – should force us to ask some hard questions. Why do so many vulnerabilities persist in Open Source (OS) tools, and how do we fix the problem? In theory, OS tools should be more secure. In practice, it hasn’t...

Security needs to be reevaluated in the context of AI, but not everything needs to change at once. Organizations that take a measured approach will do better, not giving into the AI hype cycle but recognizing the strategic ways AI is changing the game — and the ways it is changing security trajectories for the better.AI Is Weakening DefensesAI-enabled attacks are increasing, weakening existing...

Cobalt Strike 4.12 is now available. We are excited to introduce a new look and feel for the Cobalt Strike GUI, a REST API, User Defined Command and Control (UDC2), new process injection options, new UAC bypasses, a new BOF API BeaconDownload for in-memory buffers, and new drip loading Malleable C2 options.Additionally, we have overhauled pivot Beacons so that they now support the novel Sleepmask...

Imagine the scene. It's a cold Monday morning in Moscow. You walk out to your car, coffee in hand, ready to face the day. You press the button to unlock your car, and ... nothing happens. You try again. Still nothing. The alarm starts blaring. You can't turn it off.Welcome to Monday 26 January, 2026, and the chaos that was caused by a cyberattack on Delta - a Russian company that provides smart...

Introduction to the HaxorSEO MarketplaceFortra Intelligence and Research Experts (FIRE) have uncovered a group of active malicious threat actors operating since 2020. The group refers to themselves as Haxor, a slang word for hackers, and their marketplace as HxSEO, or HaxorSEO. HxSEO has established its primary base of operations and marketplace on Telegram and WhatsApp. HxSEO stands out for...

Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in the pursuit of an objective. For example, searching file shares and internal applications for sensitive information of credentials. These tasks are often time consuming, but can be dramatically improved with the...

The 6.2 release of Fortra’s Secure Email Gateway marks a significant milestone in email security. This major update introduces cutting-edge enhancements powered by the Fortra Threat Brain, designed to deliver superior protection against phishing, malware, and spam.What's New in Version 6.2?At the heart of this release is the Fortra Threat Brain, a sophisticated intelligence engine that aggregates...

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today.That's not just my opinion, that's also the message that comes loud and clear from the World Economic Forum's newly-published "Global Cybersecurity Outlook 2026." As the report bluntly...

Agentic AI systems are designed for autonomy, but autonomy changes everything. These aren’t traditional vulnerabilities or software bugs; they’re design-level weaknesses where decision logic, data context, and control boundaries collide. And after a year of watching real agents drift, loop, and improvise in production, one thing’s clear: intelligence without constraint isn’t progress, it’s risk...

Data sprawl, the uncontrolled proliferation of data across cloud platforms, collaboration tools, and devices, is creating unprecedented challenges for organizations. As organizations generate and store ever-increasing volumes of unstructured data, every new file, workspace, or database adds complexity, multiplies exposure points, and increases the likelihood of sensitive information slipping...

Discover why fixing misconfigurations and patching vulnerabilities can prevent up to 85% of cyber threats. Learn how proactive cyber hygiene saves time, money, and reduces SOC overwhelm.