For almost 20 years, stolen credentials have been the most common route for attackers into organizations, according to the Verizon Data Breach Investigations Report (DBIR). But that's no longer the case.According to the newly published 2026 report, exploitation of vulnerabilities has overtaken credential theft as the leading vector for hackers to gain their initial access — accounting for 31% of...

Goher Mohammad’s path into cybersecurity may feel familiar, and for good reason. Starting in IT, then moving into risk and compliance before stepping into security leadership, his journey followed the same path that played out in the industry. We recently spoke with Goher about how the CISO role is evolving, what it takes to lead through an incident, and the challenges of securing organizations...

It's all very well defending your organization from external hackers and malware attacks, but your systems are only as strong as the people to whom you have handed the keys.According to new research, an uncomfortable number of people appear willing to sell critical credentials and passwords to the highest bidder.The Workplace Fraud Trends report, published by Cifas, claims that an eyebrow-raising...

Coming from a security lens, skepticism about AI is the default. With last week’s Mythos debacle hardly in the rearview, the attitude is only reinforced. I recently had the chance to sit down with Troy Hunt and pick his brain on the subject. What he had to offer was surprising, and (dare I say) refreshing. While we can never stop asking “how is this going to hurt us,” a myopic view of the...

Ian Thornton-Trump looks at the shift towards intelligence-led, proactive defense, the growing battle for identity, and what makes the difference between a good reactive CISO.

ServiceNow can introduce significant data security risks and vulnerabilities. Discover how Fortra DSPM can address these challenges.

Have you ever taken a look at your Microsoft 365 mailbox rules? If not, it might be worth a few minutes of your time. Because newly released research reveals that hackers may already have beaten you to it.A new report from researchers at Proofpoint reveals that approximately one in 10 Microsoft 365 accounts compromised in Q4 2025 had malicious mailbox rules created shortly after the attacker...

BrowserGate explained: How LinkedIn used extension resource probing, why only a third were detectable, and why the privacy panic is misplaced.

The FBI's Internet Crime Complaint Center (IC3) has released its 2025 Annual Report, and two threats dominate the headlines: artificial intelligence and cryptocurrency. Together, crypto and AI is reshaping the fraud landscape in ways that should concern organizations and individuals alike.According to its report, for the first time in the IC3's 25-year history, complaints of cybercrime crossed the...

Fortra researchers identified an active phishing campaign that delivers a Remote Access Trojan by abusing Datto’s legitimate RMM platform as its command-and-control channel, giving attackers persistent, full remote access while blending into normal enterprise traffic. The campaign relies on social engineering rather than exploits and is difficult to detect because malicious activity is tunneled through trusted Datto RMM infrastructure over HTTPS.