Cyber attacks are on the rise. In 2023, a PWC survey revealed an almost 10% increase in data breaches that resulted in over $1 million in damages. Threat actors are constantly adapting their techniques to stay one step ahead, and organizations need all the help they can get to protect their infrastructure from the threat of intrusion.Data security posture management (DSPM) is an essential tool in...

As we use more cloud applications, it’s become harder to maintain and control our multi-cloud environments. Because of this increasing complexity, configuration errors are becoming increasingly common; Gartner says that 99% of cloud security failures will be caused by misconfiguration. To prevent breaches caused by cloud misconfigurations, organizations rely on cloud data security solutions....

Agentic AI systems are designed for autonomy, but autonomy changes everything. These aren’t traditional vulnerabilities or software bugs; they’re design-level weaknesses where decision logic, data context, and control boundaries collide. And after a year of watching real agents drift, loop, and improvise in production, one thing’s clear: intelligence without constraint isn’t progress, it’s risk...

Data sprawl, the uncontrolled proliferation of data across cloud platforms, collaboration tools, and devices, is creating unprecedented challenges for organizations. As organizations generate and store ever-increasing volumes of unstructured data, every new file, workspace, or database adds complexity, multiplies exposure points, and increases the likelihood of sensitive information slipping...

Discover why fixing misconfigurations and patching vulnerabilities can prevent up to 85% of cyber threats. Learn how proactive cyber hygiene saves time, money, and reduces SOC overwhelm.

We recently sat down with Errol Weiss, Chief Security Officer (CSO) at Health-ISAC to better understand the challenges, excitements, and concerns facing executive-level security leaders: in healthcare and across the board. We discussed subjects including prescriptively preventing burnout, the largely untapped value in sharing threat intelligence, and closing the security loop so CISOs can sleep at...

This year, Fortra has been pushing the security envelope on a number of different fronts, and we’re excited to stay on the forefront of cyber change.On that note, here are Fortra’s top ten highlights of 2025. Running these down at year’s end keeps us honest. It shows both our customers and us how far we’ve come, and the exciting places we’re heading toward.1. Acquiring Lookout Cloud SecurityFortra...

Now that CMMC 2.0 enforcement is finally underway, the whole topic of the U.S.’s Cybersecurity Maturity Model Certification needs to be revisited. Version 2.0 was simplified and finalized in 2024; however, its official start date was November 10, 2025. Consequently, defense contractors and hopefuls will have to officially clear this latest set of hoops to earn government contracts with the U.S....

Learn how Python pickle serialization exposes AI/ML pipelines to supply chain attacks. Discover exploitation methods and actionable steps to secure your models.

Below we describe post compromise activity taken by a threat actor following exploitation of the Windows Server Update Service (WSUS) remote code execution vulnerability CVE-2025-59287. In this breach, we have observed the threat actor using several common, typically benign tools to achieve their goals and attempt to mask their actions.The threat actor downloaded Velociraptor, a digital forensics...

Lynn Penick explores how small, disciplined steps can significantly improve cybersecurity maturity and prevent catastrophic breaches. Using the Louvre Museum heist as an example, it emphasizes that security failures often stem from simple oversights — like weak passwords — rather than sophisticated attacks.

The blog highlights the severe challenges facing U.S. cybersecurity due to a government shutdown and the expiration of the Cybersecurity Information Sharing Act of 2015. With CISA operating at only 35% capacity, federal support for CISOs is minimal, leaving organizations vulnerable to escalating nation-state cyberattacks. The lapse of liability protections discourages companies from sharing threat data, weakening collective defense efforts.

Discover details on CVE-2025-55182, the React2Shell remote code execution vulnerability. Learn about exploitation trends, detection challenges, and key actions for security teams to mitigate risk and identify compromise indicators.