Blog

AI code body
Blog

Defending the Identity Layer in the Age of AI

By Nick Hogg on Mon, 12/01/2025
Attackers increasingly target the identity layer, “abusing overprivileged accounts, misconfigured roles, or insecure tokens to gain lateral access,” as noted in the Fortra FIRE team’s recent Secure AI Innovation guide. Forbes reports that 75% of attacks now utilize identity-based threats, and recent research reveals that 90% of organizations have experienced an identity-related security incident...
Woman pointing to computer monitor in an office hallway
Blog

Threat Hunting Across Industry Sectors: Threats and Strategic Defences August 2025

By Ian Ashworth on Wed, 11/26/2025
IntroductionIn an increasingly digitized world, the battle between organizations and cyber adversaries has never been more dynamic, or more consequential. Every industry, from financial services to healthcare, education, and beyond, faces attackers who are constantly evolving, armed with automation, AI-driven tactics, and global criminal networks. The question is no longer if adversaries will...
AI code and shadow
Blog

Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner

By Graham Cluley on Wed, 11/26/2025
40% of global organisations could be hit by security breaches due to "shadow AI" by 2030, according to analyst firm Gartner.Shadow AI - the use of artificial intelligence tools by employees without a company's approval and oversight - is becoming a significant cybersecurity risk.Unlike traditional "shadow IT," which involves workers installing unauthorised software or plugging in unapproved...
hands robot dot AI
Blog

Why AI Security Means API Security

By Mike Reed on Tue, 11/25/2025
APIs can no longer be relegated to the back burner of security. As one of the primary ways in which GenAI models function, API security is closely linked – if not synonymous with – AI security. The issue is changing the mindset. Before the AI wave, APIs were the primary tool of developers to connect applications on the backend. They still are. However, placing them squarely in the dev circle for...
computer keyboard data protection padlock
Blog

Beyond Compliance: Turning Data Protection into a Competitive Advantage

By Nick Hogg on Mon, 11/24/2025
Today’s clients and consumers aren’t satisfied with bare-minimum compliance checkboxes anymore - if ever they were. As the stakes rise on organizational data value, so does attention to its security. That’s why data security is now not only table stakes, but a key differentiator when choosing where to invest. Organizations that want to stay ahead of competitors have a unique opportunity; as data...
uk_union_flag
Blog

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers

By Graham Cluley on Thu, 11/20/2025
After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks.The Cyber Security and Resilience Bill arrives as cyber-attacks cost the British economy an estimated £14.7 billion annually - approximately 0.5% of GDP.The bill significantly expands the types of organisation required to...
gate fence road guardrail
Blog

AI: Lacking Guardrails, Talent, and Resources?

By Gina Cardelli on Wed, 11/19/2025
Artificial intelligence is already present in our workflows, communication tools, customer systems, and even decision-making processes. Yet, most organizations are still catching up to what this means for risk and responsibility.AI’s rapid advancement echoes previous technology shifts - like Cloud Migration and Automation and SaaS adoption - where governance lagged behind innovation.But AI isn’t...
file secret confidential
Blog

The Data Confidence Gap: Why Organizations Still Can’t Trust Their Data

By Madhu Dodda on Mon, 11/17/2025
In the era of big data, the ultimate irony is that many companies are too afraid to use their own.The data confidence gap has become a significant aspect of security discussions today, as different departments approach the table with varying metrics, and none of them align. For a company to use its information in a way that genuinely moves the business forward, every party that leverages that data...
robot hands on keyboard
Blog

What Does it Take to Deploy AI Successfully?

By Mike Reed on Fri, 11/14/2025
AI use is growing rapidly. Research from Stanford University found that 78% of organizations reported using the technology in 2024, up from 55% the previous year.Unfortunately, however, that speed of implementation often comes at the cost of security and the problem is that, in a mad dash to adopt AI and remain competitive, organizations are chasing innovation faster than they can secure and...
direction confusion
Blog

Cybersecurity in Uncertain Times: Lessons from PwC’s 2026 Digital Trust Insights

By Donnie MacColl on Thu, 11/13/2025
Cybersecurity has entered uncharted waters. The 2026 PwC Global Digital Trust Insights report makes this painfully clear. A rapidly shifting world, amplified by geopolitical turbulence and unprecedented technology leaps, is testing the limits of our cyber strategies.I read the numbers and paused. Sixty percent of business and tech leaders rank cyber risk investment among their top three strategic...
padlock AI API key
Blog

Leading AI Companies Accidentally Leak Their Passwords and Digital Keys on GitHub - What You Need to Know

By Graham Cluley on Wed, 11/12/2025
What has happened?Many of the world's top artificial intelligence companies are making a simple but dangerous mistake. They are accidentally publishing their passwords and digital keys on GitHub, the popular code-sharing website that is used by millions of developers every day.The problem was found by security researchers at Wiz who examined 50 leading AI firms, and discovered that 65% of them had...
Blog

November 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/11/2025
Today’s Patch Tuesday Alert addresses Microsoft’s November 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-62215This privilege escalation vulnerability in the Windows Kernel has been rated by Microsoft as Important. Successful...
Threat Research & Intelligence
Vulnerability Management
Blog

BEC Global Insights Report: October 2025

By John Farina on Mon, 11/10/2025
The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
AI Is Shaping Cyber Threats: How Organizations Can Stay Ahead
Blog

Threat Intelligence vs. Threat Data: What’s the Difference?

By Josh Davies on Fri, 11/07/2025
Organizations are still overwhelmed by what they’re told, and sold as, ‘Threat Intelligence.’ In reality it falls short, as its really just threat/IOC data.The term has been thrown around so often that its true meaning and value have been diluted. It’s time to set the record straight and restore the trust and respect that ‘Threat Intelligence’ deserves.Threat Data: What It Really IsThreat data is...
Threat Research & Intelligence
computer_water_waves
Blog

The Rising Tide of Cyber-Attacks Against the UK Water Sector

By Graham Cluley on Thu, 11/06/2025
Critical infrastructure is once again in the spotlight, as it is revealed that several UK water suppliers have reported cybersecurity incidents over the last two years.The disclosure that attackers are probing the systems relied on to manage the delivery of safe drinking water to millions of households comes in newly-released information from the Drinking Water Inspectorate (DWI), following a...
Patch Tuesday Analysis
Blog

Fortra Patch Priority Index for October 2025

By Lane Thames on Thu, 11/06/2025
Fortra's October 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Chromium, Internet Explorer, and Microsoft Edge (Chromium-based) that resolve 15 issues, including use-after-free, heap buffer overflow, inappropriate implementation, and remote code execution vulnerabilities.Next on the list are patches for...
school classroom
Blog

What 20 Years Has Taught Him About What Security Needs - And Where It’s Going

By Dan Raywood on Mon, 11/03/2025
A good company is greater than the sum of its parts. But at Fortra, those parts are pretty good, too. Recently, we had a chance to sit down with Tyler Reguly, Associate Director, Security R&D at Fortra. A career cybersecurity veteran, Tyler graduated from Fanshawe College, where he developed and taught five courses on hacking and malware. He has contributed to various standards, including CVSSv3...