Blog
Blog

Velociraptor DFIR Tool Abused in WSUS RCE CVE-2025-59287

By Ben Lee on Thu, 12/18/2025
Below we describe post compromise activity taken by a threat actor following exploitation of the Windows Server Update Service (WSUS) remote code execution vulnerability CVE-2025-59287. In this breach, we have observed the threat actor using several common, typically benign tools to achieve their goals and attempt to mask their actions.The threat actor downloaded Velociraptor, a digital forensics...
Blog

Mind the Gaps: Incremental Steps Toward Real Security

By Lynn Penick on Wed, 12/17/2025
Lynn Penick explores how small, disciplined steps can significantly improve cybersecurity maturity and prevent catastrophic breaches. Using the Louvre Museum heist as an example, it emphasizes that security failures often stem from simple oversights — like weak passwords — rather than sophisticated attacks.
Blog

Cybersecurity Risks During a Government Shutdown

By Rohit Dhamankar on Tue, 12/16/2025
The blog highlights the severe challenges facing U.S. cybersecurity due to a government shutdown and the expiration of the Cybersecurity Information Sharing Act of 2015. With CISA operating at only 35% capacity, federal support for CISOs is minimal, leaving organizations vulnerable to escalating nation-state cyberattacks. The lapse of liability protections discourages companies from sharing threat data, weakening collective defense efforts.
agent agentic AI
Blog

Agentic AI: Where Do We Go from Here?

By Tony Kelly on Mon, 12/15/2025
A recent IEEE global study revealed that 96% believe that the innovation, exploration and adoption of AI - specifically agentic AI - will continue at “lightning speed” in 2026. What does that mean? It means that with the cement still hardening on AI regulatory compliance and the necessary data center infrastructure to support it still five years out, we’d better learn to secure it, and fast. AI...
AI browser stop sign
Blog

Gartner Tells Businesses to Block AI Browsers Now

By Graham Cluley on Fri, 12/12/2025
Analyst firm Gartner has issued a blunt warning to organizations: Agentic AI browsers introduce serious new security risks and should be blocked "for the foreseeable future."The firm's advisory, entitled "Cybersecurity Must Block AI Browsers for Now", argues that AI browsers are currently favoring convenience over security and that organizations are not ready for the risks that they pose."Gartner...
Fortra Patch Priority Index
Blog

Fortra Patch Priority Index for November 2025

By Lane Thames on Wed, 12/10/2025
Fortra's November 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Chromium and Microsoft Edge (Chromium-based) that resolve five issues, including inappropriate implementation and out-of-bounds write vulnerabilities.Next on the list are patches for Microsoft Office, Word, and Excel. These patches resolve 11...
ransomware world map
Blog

Ransomware May Have Extorted Over $2.1 Billion Between 2022-2024, but it's not all Bad News, Claims FinCEN Report

By Graham Cluley on Wed, 12/10/2025
A new report from the United States's Financial Crimes Enforcement Network (FinCEN) has shone a revealing light on the state of the criminal industry of ransomware.The report, which examines ransomware incidents from 2022 to 2024, reveals that attackers extorted more than $2.1 billion over the three-year period.Yes, that number is enormous - but it hides a more interesting story beneath it: that...
Patch Tuesday Analysis
Vulnerability Research

December 2025 Patch Tuesday Analysis

By Tyler Reguly on Tue, 12/09/2025
Today’s Patch Tuesday Alert addresses Microsoft’s December 2025 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-62221A use after free vulnerability in the Windows Cloud Files Mini Filter could allow an authenticated user to...
Threat Research & Intelligence
AI evil eyes espionage
Blog

AI Espionage Is Here: Why Data Security Must Be Your First Priority

By Mike Reed on Mon, 12/08/2025
Anthropic’s recent report on the first AI-orchestrated cyber espionage campaign isn’t just another headline, it’s a turning point. Attackers leveraged AI to automate nearly every stage of the intrusion lifecycle: reconnaissance, vulnerability scanning, exploitation, credential harvesting, and exfiltration. What’s striking is the speed and sophistication: tasks that once required weeks of human...
robot AI finger padlock exploit
Blog

Using AI to Turn CVSS Scoring into Patch Prioritization

By Donnie MacColl on Fri, 12/05/2025
The age of AI is no time to be getting behind on alerts. But the old system of prioritizing patches based on CVSS scores alone is outmoded and ineffective.Fortra brings AI into the patch prioritization arena, enhancing traditional CVSS scoring with ML models that determine how likely that a vulnerability is to get exploited in a real-world scenario. Then, reconfiguring priorities from there. This...
ddos wave
Blog

Why the Record-Breaking 30 Tbps DDoS Attack Should Concern Every Business

By Graham Cluley on Thu, 12/04/2025
If you're reading this article, I can be pretty sure your organization relies on the internet. It may be for serving customers, delivering apps, running cloud services, or simply maintaining your day-to-day operations.The fact is if your connection to the internet is disrupted, it is likely that there will be an impact on your business to a lesser or greater extent.And that's why a new warning...
hacker phish
Blog

FBI Warns of Surge in Account Takeover (ATO) Fraud Schemes - What You Need To Know

By Graham Cluley on Wed, 12/03/2025
What is account takeover fraud?Account takeover fraud (also known as ATO fraud) occurs when a malicious hacker or fraudster compromises and gains control of an account without legitimate authorisation.Typically the online account might be a bank account, email account, or social media profile that has been accessed after stealing login credentials through phishing, malware, a data breach, or...
AI code body
Blog

Defending the Identity Layer in the Age of AI

By Nick Hogg on Mon, 12/01/2025
Attackers increasingly target the identity layer, “abusing overprivileged accounts, misconfigured roles, or insecure tokens to gain lateral access,” as noted in the Fortra FIRE team’s recent Secure AI Innovation guide. Forbes reports that 75% of attacks now utilize identity-based threats, and recent research reveals that 90% of organizations have experienced an identity-related security incident...
Woman pointing to computer monitor in an office hallway
Blog

Threat Hunting Across Industry Sectors: Threats and Strategic Defences August 2025

By Ian Ashworth on Wed, 11/26/2025
IntroductionIn an increasingly digitized world, the battle between organizations and cyber adversaries has never been more dynamic, or more consequential. Every industry, from financial services to healthcare, education, and beyond, faces attackers who are constantly evolving, armed with automation, AI-driven tactics, and global criminal networks. The question is no longer if adversaries will...
AI code and shadow
Blog

Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner

By Graham Cluley on Wed, 11/26/2025
40% of global organisations could be hit by security breaches due to "shadow AI" by 2030, according to analyst firm Gartner.Shadow AI - the use of artificial intelligence tools by employees without a company's approval and oversight - is becoming a significant cybersecurity risk.Unlike traditional "shadow IT," which involves workers installing unauthorised software or plugging in unapproved...
hands robot dot AI
Blog

Why AI Security Means API Security

By Mike Reed on Tue, 11/25/2025
APIs can no longer be relegated to the back burner of security. As one of the primary ways in which GenAI models function, API security is closely linked – if not synonymous with – AI security. The issue is changing the mindset. Before the AI wave, APIs were the primary tool of developers to connect applications on the backend. They still are. However, placing them squarely in the dev circle for...
computer keyboard data protection padlock
Blog

Beyond Compliance: Turning Data Protection into a Competitive Advantage

By Nick Hogg on Mon, 11/24/2025
Today’s clients and consumers aren’t satisfied with bare-minimum compliance checkboxes anymore - if ever they were. As the stakes rise on organizational data value, so does attention to its security. That’s why data security is now not only table stakes, but a key differentiator when choosing where to invest. Organizations that want to stay ahead of competitors have a unique opportunity; as data...
uk_union_flag
Blog

UK's New Cybersecurity Bill Takes Aim at Ransomware Gangs and State-Backed Hackers

By Graham Cluley on Thu, 11/20/2025
After years of delays, the UK government has finally introduced landmark cybersecurity legislation that could reshape how British organisations defend against digital attacks.The Cyber Security and Resilience Bill arrives as cyber-attacks cost the British economy an estimated £14.7 billion annually - approximately 0.5% of GDP.The bill significantly expands the types of organisation required to...