New research reveals that 81% of consumers would lose trust in a brand if their personal data was breached — even once. The 2025 CISO Benchmark Report, published by the Retail and Hospitality ISAC (RH-ISAC), examines the effects of digital transformation on cybersecurity initiatives within these sectors. Notably, the report emphasizes the need to secure the digital core, champion cybersecurity...

Cyber threats never wait for regulatory certainty. They exploit ambiguity, move through supply chains, and turn compliance gaps into points for entry. In Mexico, the regulatory picture is still forming, defined more by what it implies than what it demands. Mexico also ranks among the hardest-hit countries in Latin America when it comes to cyber threats. By 2024, the country accounted for more than...

“Stay Safe Online” is the call of this year’s National Cybersecurity Awareness Month (NCSAM). For most of us in the security industry, that’s a no-brainer. But do our online security obligations extend only to ourselves? Here’s how a broader view might make us think differently about “entry-level security awareness” this year, and how improving even the most basic cyber skillsets could be a genius...

We have all dealt with outdated technology. An old phone that no longer gets updates. A laptop that takes minutes to boot. The stubborn printer that jams every second page. You have probably seen a payment kiosk crash, revealing an ancient Windows XP desktop beneath. Glitches are particularly annoying when they happen to an ATM. But hospitals have similar problems. And here, it is no laughing...

Think about the apps on your phone right now. Your banking app, your working email, the food delivery app: each one is talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate.And here's the problem - hackers have determined that the APIs of mobile apps, when left visible and exploitable, can be a...

In its fifth year, the annual Oh, Behave! report is back to give us another temperature check on the security attitudes of the masses. The findings provide a window into what people know about cybersecurity, what they think they know, and what they’re doing about it. Or not. 57% Always Connected to the Internet Does it look like people are always on their phones? Because they just might be....

As digital systems form the backbone of Italy’s public services and private industries, the regulatory landscape has had to intensify its focus on risk, resilience, and accountability. For global firms working in Italy or with Italians, knowing the rules keeps business running, guards their reputation, and keeps them out of trouble. Core Cybersecurity Regulations in Italy Italy’s regulatory...

What is INC Ransomware?INC is the name of a ransomware-as-a-service (RaaS) operation that first appeared in late summer 2023. Like many other cybercriminal groups, the administrators of INC provide the malware and infrastructure for the attacks. Affiliates of the INC ransomware group carry out the actual attacks themselves, sharing profits they make from blackmailing companies with the core team...

Cyber defense and cybersecurity, while often used interchangeably, are two distinct terms with key differences.Understanding those differences can make all the difference in how you structure your security approach. Cyber Defense vs. Cybersecurity: The Key DifferencesCyber defense is what we think of when we think “cybersecurity,” ironically: the art of actively protecting your data against cyber...

When the industry outgrew the perimeter, it also outgrew VPNs. Now, VPN replacements are in high demand as organizations look for scalable, lightweight ways to secure distributed data in a distributed workforce.Understanding VPN and Its LimitationsVPNs were built for a bygone era, but fail to secure remote work, private data, or private applications today.VPN Security ChallengesSecuring VPNs is a...

What Is Fintech Regulatory Compliance?Regulatory compliance in the fintech sector refers to the policies put in place governing the safe collection, storage, and use of sensitive customer data within fintech applications, online platforms, and digital services.These organizations are constantly evolving, pushing the envelope where digital progress is concerned. While banks offer the benefit of in...

Curiosity killed the cat and in today's classrooms it seems it is also crashing the school server, pinching teachers' passwords, and rewriting the lunch menu for a laugh.Recent data released by the UK's Information Commissioner's Office (ICO), highlights that the same curiosity for technology that can lead a young person into a career in cybersecurity can also lead them into trouble.According to...

From which patches you can skip to the effectiveness of a “golden image,” find out the tips and tricks of CVE management.

These days, defense contractors need to stay nimble where compliance is concerned. As technological threats advance, the need for clarity, specificity, and simplicity increases, leading to changes in the regulations that govern contractor cybersecurity. A recently released US Department of Defense (DoD) memo has spurred rumblings that the underlying NIST framework on which the DoD-mandated CMMC ...

AI is no longer science fiction. It is in the inbox. It is in the network. It is in every attack and every defense. Cyber attackers are learning fast. They use AI to scan, craft, and exploit. They automate what used to take hours. They personalize at scale. And defenders are racing to keep pace, building AI-driven tools to stop what attackers create. “Threat actors are constantly innovating and...

A US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Volodymyr Viktorovich Tymoshchuk (who is also said to use the aliases "deadforz", "Boba", "msfv", and "farnetwork") has been charged for his alleged role in a series of ransomware attacks that extorted...

Today’s Patch Tuesday Alert addresses Microsoft’s September 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-55234From the advisory, “Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess...