Post-exploitation tasks frequently require manual analysis, such as relying on an operators’ expertise to scan a target environment for sensitive information that could support in the pursuit of an objective. For example, searching file shares and internal applications for sensitive information of credentials. These tasks are often time consuming, but can be dramatically improved with the...

The 6.2 release of Fortra’s Secure Email Gateway marks a significant milestone in email security. This major update introduces cutting-edge enhancements powered by the Fortra Threat Brain, designed to deliver superior protection against phishing, malware, and spam.What's New in Version 6.2?At the heart of this release is the Fortra Threat Brain, a sophisticated intelligence engine that aggregates...

We can no longer say that artificial intelligence is a "future risk", lurking somewhere on a speculative threat horizon. The truth is that it is a fast-growing cybersecurity risk that organizations are facing today.That's not just my opinion, that's also the message that comes loud and clear from the World Economic Forum's newly-published "Global Cybersecurity Outlook 2026." As the report bluntly...

Agentic AI systems are designed for autonomy, but autonomy changes everything. These aren’t traditional vulnerabilities or software bugs; they’re design-level weaknesses where decision logic, data context, and control boundaries collide. And after a year of watching real agents drift, loop, and improvise in production, one thing’s clear: intelligence without constraint isn’t progress, it’s risk...

Data sprawl, the uncontrolled proliferation of data across cloud platforms, collaboration tools, and devices, is creating unprecedented challenges for organizations. As organizations generate and store ever-increasing volumes of unstructured data, every new file, workspace, or database adds complexity, multiplies exposure points, and increases the likelihood of sensitive information slipping...

Discover why fixing misconfigurations and patching vulnerabilities can prevent up to 85% of cyber threats. Learn how proactive cyber hygiene saves time, money, and reduces SOC overwhelm.

We recently sat down with Errol Weiss, Chief Security Officer (CSO) at Health-ISAC to better understand the challenges, excitements, and concerns facing executive-level security leaders: in healthcare and across the board. We discussed subjects including prescriptively preventing burnout, the largely untapped value in sharing threat intelligence, and closing the security loop so CISOs can sleep at...

This year, Fortra has been pushing the security envelope on a number of different fronts, and we’re excited to stay on the forefront of cyber change.On that note, here are Fortra’s top ten highlights of 2025. Running these down at year’s end keeps us honest. It shows both our customers and us how far we’ve come, and the exciting places we’re heading toward.1. Acquiring Lookout Cloud SecurityFortra...

Now that CMMC 2.0 enforcement is finally underway, the whole topic of the U.S.’s Cybersecurity Maturity Model Certification needs to be revisited. Version 2.0 was simplified and finalized in 2024; however, its official start date was November 10, 2025. Consequently, defense contractors and hopefuls will have to officially clear this latest set of hoops to earn government contracts with the U.S....

Learn how Python pickle serialization exposes AI/ML pipelines to supply chain attacks. Discover exploitation methods and actionable steps to secure your models.

Below we describe post compromise activity taken by a threat actor following exploitation of the Windows Server Update Service (WSUS) remote code execution vulnerability CVE-2025-59287. In this breach, we have observed the threat actor using several common, typically benign tools to achieve their goals and attempt to mask their actions.The threat actor downloaded Velociraptor, a digital forensics...

Lynn Penick explores how small, disciplined steps can significantly improve cybersecurity maturity and prevent catastrophic breaches. Using the Louvre Museum heist as an example, it emphasizes that security failures often stem from simple oversights — like weak passwords — rather than sophisticated attacks.

The blog highlights the severe challenges facing U.S. cybersecurity due to a government shutdown and the expiration of the Cybersecurity Information Sharing Act of 2015. With CISA operating at only 35% capacity, federal support for CISOs is minimal, leaving organizations vulnerable to escalating nation-state cyberattacks. The lapse of liability protections discourages companies from sharing threat data, weakening collective defense efforts.