During August 2025, our analysts initiated 2,770 threat hunts across our customer base. Read more about the metrics uncovered.

In the age of AI, data security does more than protect your information. It can determine how your business is run. Now, more than ever, companies rely on their data to make choices about product placement, new markets, consumer trends, investments, and more. Nowhere does the adage “put good in, get good out” apply more. Yet we still see companies that undervalue data security as the fundamental...

Rebuilding a cybersecurity framework is remarkably similar to renovating a home. It’s time consuming, expensive, and, frankly, something that most people try to put off. However, just like a burst pipe or house fire would force you to renovate your home, there are certain indicators and situations that should prompt an immediate framework rebuild, regardless of budget constraints. This might...

Does there have to be tension between security and compliance? They’re certainly not the same, as I note in my previous blog, Security vs. Compliance: What’s the Difference? It’s never been fun to have to show your work, and nobody wants to be a nag, so how can the groups come together to create something stronger than the individual parts? Here are a few ways to create that winning alliance....

If the breach doesn’t get you, the fines will. According to the latest Cyber Readiness Report by SMB-focused insurer Hiscox, after being breached, one in three organizations were hit with fines large enough to impact their financial health.This could result from doing business in multiple markets - California, the EU, and Canada, for example - and accruing respective fines of thousands or even...

Normally when we write about a malware operation being disrupted, it's because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotaged by other cybercriminals.Lumma Stealer, also known as Water Kurita and Storm-2477, first came to prominence in 2022...

Some network projects, like equipment upgrades, training initiatives, and reporting, just never seem to get done. For a pep talk and practical tips to get started, keep reading.

There’s a common misconception: If organizations don’t use their domain to send email, they think DMARC is unnecessary. That couldn’t be farther from the truth. Imagine you don’t drive your car. You want to let everybody know that you don’t drive it, so if they see it around town, they know it’s not you - and something’s amiss. Fortra recently surveyed the top 10 million domains on the internet...

With network monitoring capabilities, an organization can easily measure the performance they receive from their service provider and compare these statistics against the checkpoints included in the SLA.

In the last few years, Turkey has found itself increasingly in the crosshairs of bad actors. In Q3 2023, phishing rose sharply with a 20% jump from the previous quarter and a 47% spike year-on-year. The country is also a key target for cyberattacks on industrial control systems. Cyber threats travel fast, while laws usually do not, but in Turkey, that gap is narrowing. What started as a bunch of...

The UK's National Cyber Security Centre (NCSC) has warned that the country faces an average of four "nationally significant" cyberattacks each week - a sharp 129% increase from the previous year.Of a total of 429 incidents handled by the NCSC, a record 204 were classified as nationally "significant," and 18 ranked even more seriously as "highly significant" (meaning that they had the potential to...

Today’s Patch Tuesday Alert addresses Microsoft’s October 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.In-The-Wild & Disclosed CVEsCVE-2025-47827The first exploitation detected CVE this month is a vulnerability discovered by Zack Didcott that was disclosed in May...

It was the most significant breach ever reported, but its origins were not uncommon. The 2024 Change Healthcare ransomware attack, which affected 190 million individuals and came with a price tag of $2.6 billion (and counting), started with an unauthorized intrusion.We spend billions of dollars annually on the best cybersecurity equipment innovated to date, but more and more, attackers are skating...

Fortra's September 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google. Up first on the list are Chromium and Microsoft Edge (Chromium-based) patches that resolve five issues, including use after free, inappropriate implementation, and security feature bypass vulnerabilities. Next are patches for Microsoft Office, Word, Excel, PowerPoint, and...

Security alerts never stop; they flood in, one after another. AI runs quietly in the background, sorting through a plethora of data, making snap decisions, and raising red flags when it finds anomalies. Unfortunately, somewhere else, bad actors are running similar algorithms, monitoring, probing, and learning. Efficiency (speed and scale) isn’t the danger, nor is the way security teams use these...

What's happened?The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records.Ouch! What organisations have been affected?On its dark web leak site, the hackers list numerous organisations whose Salesforce instances it claims to have breached via social...

Learn why Data Security Posture Management (DSPM) is critical to your zero trust architecture and an excellent starting point for building security resilience.