Blog

Blog

Cybersecurity Regulatory Landscape in Switzerland: A Primer for Business 

Switzerland is famous for being neutral, discreet, and self-contained. And while that reputation holds in the digital world, too, in the immortal words of Bob Dylan, “the times they are a changin.” To stay in business, even Switzerland must meet data privacy standards set outside of its borders. Cyber threats are growing in volume and sophistication, and regulations need to adapt accordingly. For...
Blog

Cephalus ransomware: What you need to know

What is Cephalus?Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Like many other ransomware attacks, Cephalus not only encrypts but also steals sensitive data - with victims named-and-shamed on a dedicated leak site hosted on the dark web.Where does it get the name Cephalus from?Cephalus is a character...
Blog

The Impact of CMMC 3.0 on Government Contractors

With 55% of government contractors expecting their next job to include a CMMC requirement, adhering to the latest, most updated version of “CMMC 3.0" is imperative. According to a recent US Department of Defense (DoD) memo, such an update may be on the horizon.Here are the facts, and what they could mean for certification hopefuls.What is CMMC 3.0?First, let’s get a few things straight. The CMMC 2...
Blog

Ransomware Pivot: From Hospitals to High Street

Last year, headline news of staggering ransomware attacks was inescapable. But according to new research by Comparitech, those numbers may be slowing down.By studying 211 ransomware attacks on the healthcare sector in H1 2025, the firm noted only a 4% increase year-over-year. While this still represents a modest improvement, figures for other “easier/more lucrative” industries were much higher,...
Blog

Cybersecurity Regulatory Landscape in Japan: A Primer for Business

Cybersecurity in Japan has always had a cultural element, infused with precision, preparation, responsibility, and accountability. Today, it’s also a matter of national security and global trust. As threats intensify and alliances shift, Japan has responded with structured policy and determination. For companies operating in or with ties to Japan, cybersecurity compliance is part of the operating...
Blog

Understanding the NIS2 Directive: What It Means for Business

What is the NIS2 Directive?The NIS2 (Network and Information Security 2) Directive is the European Union’s updated, overarching cybersecurity legislation governing cybersecurity in 18 critical sectors.NIS2 requires each EU Member State to adopt a national cybersecurity strategy, ensure the proper critical entities comply, and include risk management measures such as:Supply chain...
Blog

Warlock ransomware: What you need to know

What is the Warlock?Warlock is a ransomware operation that emerged in 2025, combining the traditional "double extortion" tactics of encrypting victims' files so they cannot be accessed, and threatening to release data stolen from the company's network.Nasty, but sadly not that unusual.Unfortunately, that’s right. The Warlock ransomware group seems to have stepped up its attacks in recent months,...
Blog

Waiting to Patch? Attackers Won’t Wait to Exploit.

In the time it takes for some companies to determine which vulnerabilities to patch, attackers will have already launched their malicious strike.In cybersecurity, we see this all the time. A major company was breached through a vulnerability that had a patch available for over 6 months. The patch wasn’t applied due to internal process delays, competing priorities, and fear of system downtime....
Blog

Back to Basics: Why Checkbox Compliance Isn’t Enough

Compliance doesn’t protect you. It simply outlines the defenses that should have been in place. And when you’re not compliant, the gap often only comes to light after something’s gone wrong. In today’s evolving threat landscape, passing an audit isn’t enough. Security leaders need continuous visibility, actionable insights, and real-world accountability, long before an auditor ever shows up. It’s...
Blog

Cybersecurity Regulatory Landscape in Singapore: A Primer for Businesses

The world is more connected than ever, and laws cannot afford to lag behind threats. With this in mind, Singapore has built a legal and organizational backbone for cybersecurity that requires precision and constant readiness. Every company in the city-state (and even those beyond its borders handling the personal data of its people) must meet these strict rules or face the consequences. Core...
Blog

BEC Global Insights Report: July 2025

The monthly Global BEC Insights Report from Fortra presents a comprehensive analysis of the latest tactics, techniques, and procedures (TTP) employed by BEC threat actors. This report draws on extensive intelligence gathered from hundreds of active defense engagements conducted throughout the month. Key insights include geolocation data, attack volume, and the variety of scams, such as payroll diversion and advance fee fraud. The report also highlights the use of gift cards in scams, the requested amounts in wire transfer fraud, and the banks and webmail providers frequently targeted by attackers. These findings provide a critical understanding of the evolving BEC threat landscape.
Blog

What Is Offensive Security?

Defining Offensive SecurityOffensive security is a proactive process that is imperative in modern cybersecurity. The threat landscape is in constant growth and evolution, meaning penetration testing, red teaming, and vulnerability management have become vital. An offensive security approach exposes and closes security gaps before a breach ever occurs. An ethical hacker will employ offensive...
Blog

Data Breach Costs Drop for First Time in 5 Years. But Is That the Full Story?

For the first time in five years, data breach costs are on the decline. This represents faster containment, largely powered by AI. Cybersecurity at large deserves a great pat on the back.But attackers hate being outpaced, and their AI attack rates show it. Despite GenAI only being publicly released (unleashed?) less than 3 years ago, AI-powered attacks now account for 16% of all cyber strikes. To...
Blog

The MedusaLocker ransomware gang is hiring penetration testers

MedusaLocker, the ransomware-as-a-service (RaaS) group that has been active since 2019 is openly recruiting for penetration testers to help it compromise more businesses. As Security Affairs reports, MedusaLocker has posted a job advert on its dark web leak site, which pointedly invites pentesters who already have direct access to corporate networks to make contact."If you don't have access,...
Vulnerability Research

August 2025 Patch Tuesday Analysis

Today’s Patch Tuesday Alert addresses Microsoft’s August 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1169 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-53779A vulnerability in Windows Server 2025 allows authorized users with access to the msds-groupMSAMembership and msds...
Blog

Strengthening Federal Cybersecurity: End-to-End Solutions for Government Agencies

Over the next year, domestic and foreign adversaries almost certainly will continue to threaten the integrity of US critical infrastructure,” states the Homeland Threat Assessment 2025. “We are particularly concerned about the credible threat from nation-state cyber actors to US critical infrastructure.” In light of these and other severe threats to U.S. federal agencies, the issue of federal...
Blog

Top Cybersecurity Regulations for Financial Services: Compliance Roadmap for FinServ and Banks

What Is Banking Regulatory Compliance?Banking regulatory compliance encompasses adhering to the policies put in place to ensure the stability and integrity of financial systems. These requirements are enacted by government institutions, or governing bodies of financial institutions themselves.Stable economies depend on trustworthy and resilient financial systems. Banking regulations exist to...
Blog

Ransomware plunges insurance company into bankruptcy

A company, which offered insurance and repair services to cell phone owners across Germany, and generated revenues of up to 70 million Euros (US $80 million) has collapsed following a ransomware attack. Einhaus Gruppe, located in Hamm, Nordrhein-Westfalen, was founded in 2003 and had over 5000 sales partners across Germany. And yet, despite the company's success, an attack by the Royal ransomware...
Blog

Fortra Patch Priority Index for July 2025

Fortra's July 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Chromium and Microsoft Edge (Chromium-based) that resolve type confusion, information disclosure, and remote code execution vulnerabilities.Next on the list are patches for Microsoft Office, Word, Excel, PowerPoint, and Teams. These patches resolve...
Blog

Cybersecurity Regulatory Landscape in Portugal: A Primer for Business

The digital world has become a battleground of code and consequence. Cybersecurity no longer hides behind the IT desk. It stands center stage, an operational, legal, and existential concern. In Portugal, as across Europe, the rules are tightening, and the margin for error is shrinking. For global businesses, understanding Portugal’s cybersecurity laws is not a footnote. It’s the headline.The Core...