From which patches you can skip to the effectiveness of a “golden image,” find out the tips and tricks of CVE management.

These days, defense contractors need to stay nimble where compliance is concerned. As technological threats advance, the need for clarity, specificity, and simplicity increases, leading to changes in the regulations that govern contractor cybersecurity. A recently released US Department of Defense (DoD) memo has spurred rumblings that the underlying NIST framework on which the DoD-mandated CMMC ...

AI is no longer science fiction. It is in the inbox. It is in the network. It is in every attack and every defense. Cyber attackers are learning fast. They use AI to scan, craft, and exploit. They automate what used to take hours. They personalize at scale. And defenders are racing to keep pace, building AI-driven tools to stop what attackers create. “Threat actors are constantly innovating and...

A US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Volodymyr Viktorovich Tymoshchuk (who is also said to use the aliases "deadforz", "Boba", "msfv", and "farnetwork") has been charged for his alleged role in a series of ransomware attacks that extorted...

window._wq = window._wq || []; _wq.push({ id: "ki4mql81xq", options: { preload: "auto" } }); Today’s Patch Tuesday Alert addresses Microsoft’s September 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-55234From the advisory...

Electronically Stored Information (ESI) refers to any data created, modified, communicated, or stored in digital form. This includes emails, documents, databases, instant messages, audio and video files, social media content, and more—essentially any information that resides in electronic systems. As digital communication and data storage have become the norm, ESI plays a pivotal role in legal...

Protecting data in the context of zero trust means moving beyond perimeter-based defenses to a model where no user, device, or application is inherently trustworthy. As a result, every access request is verified, continuously monitored, and limited to the minimum necessary permissions needed to perform a job function. This approach reduces the risk of insider threats, compromised credentials, and...

Offensive security practices—particularly penetration testing and red teaming—help organizations proactively disrupt the cyber attack chain. By simulating real-world attacks, offensive security identifies weak points across the kill chain stages (reconnaissance, weaponization, delivery, exploitation, installation, command & control, and actions on objectives) before threat actors can exploit them...

What Is a Purple Team?In cybersecurity, a purple team is a group that combines offensive red team capabilities with defensive blue team insights to provide a truly collaborative, well-balanced security posture. “Purple teaming” is more than a work group; it should be a philosophy.If you’re familiar with offensive security, red and blue team structures are well known. To review:Red Teams: Perform...

The FBI’s Internet Crime Complaint Center (IC3) says that the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. In fact, according to the IC3's latest published annual report, seniors suffered a staggering US $4.885 billion dollars worth of losses last year - a 43% increase from 2023. With an average...

Fortra's August 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.First on the list are patches for Chromium and Microsoft Edge (Chromium-based) that resolve use-after-free and inappropriate implementation vulnerabilities.Next on the list are patches for Microsoft Office, Word, Excel, PowerPoint, and Visio. These patches resolve 15 issues, including...

Email is still the front door for attackers. And the door is wide open. Scammers now use the same tools defenders do. A bad actor with access to a large language model can generate flawless English, craft convincing requests, and sound exactly like a colleague or supplier. The result: emails that slip past traditional filters with ease. “By the time blocking rules and security have been built up...

Cybersecurity for Credit UnionsCredit union cybersecurity compliance is the practice of adhering to a set of mandates and regulations that ensure the confidentiality and integrity of digitized member data.Last year (September 1, 2023 – August 31, 2024) the National Credit Union Administration (NCUA) reported 1,072 cyberattacks among the 4,411 federally registered credit unions in the U.S. That...

Switzerland is famous for being neutral, discreet, and self-contained. And while that reputation holds in the digital world, too, in the immortal words of Bob Dylan, “the times they are a changin.” To stay in business, even Switzerland must meet data privacy standards set outside of its borders. Cyber threats are growing in volume and sophistication, and regulations need to adapt accordingly. For...

What is Cephalus?Cephalus is a relatively new ransomware operation that emerged in mid-2025, and has already been linked to a wave of high-profile data leaks. Like many other ransomware attacks, Cephalus not only encrypts but also steals sensitive data - with victims named-and-shamed on a dedicated leak site hosted on the dark web.Where does it get the name Cephalus from?Cephalus is a character...

With 55% of government contractors expecting their next job to include a CMMC requirement, adhering to the latest, most updated version of “CMMC 3.0" is imperative. According to a recent US Department of Defense (DoD) memo, such an update may be on the horizon.Here are the facts, and what they could mean for certification hopefuls.What is CMMC 3.0?First, let’s get a few things straight. The CMMC 2...

Discover what a CMMC audit involves, how it ensures compliance for defense contractors, and how it differs from other cybersecurity audits.

Multicloud security involves strategies and measures to safeguard data, applications, and infrastructure across multiple cloud environments.