A warning from the FBI's Internet Crime Complaint Center (IC3) has alerted the public about an emerging phishing scheme.

Heading to RSAC 2026 in San Francisco? Discover 5 ways to make the most of your RSAC experience, including a must stop at the Fortra booth.

Executive SummaryGitHub email notifications are being abused to deliver vishing content, according to findings from the Fortra Intelligence and Research Experts (FIRE) team. Vishing, or voice phishing, is a type of social engineering attack in which threat actors attempt to trick their victim into revealing personal information over a phone call or voice message, often beginning with an initial...

For an outsider, it’s difficult to fathom what goes on in a SOC. It just looks like a mess of dashboards, screens, alerts, and stressed-out analysts. One might think that the SOC’s only purpose is to detect threats — but for those in the know, there’s much more to it than that.Capacity management, escalation decisions, and explaining to the board why everything costs as much as it does are all...

A new report claims that the cost of insider security incidents has surged 20% in two years, reaching an average of US $19.5 million per organization annually, with no sign that the alarming figure is flattening.That is one of the findings of the "Cost of Insider Risks Global Report" for 2026 from the Ponemon Institute and DTEX, which claimed that the main culprit is not malicious employees...

What Fintech Security Risks Are Emerging in Financial Services? It’s no surprise that financial institutions remain high-value targets for cyber threats with the US Federal Reserve reporting that cyber risks have become an “increasingly critical concern for the US financial system.”The growth of digital banking and fintech ecosystems gives way to increased reliance on cloud infrastructure and APIs...

What Is Dropbox? Dropbox is a cloud storage and file‑syncing platform that lets users store, access, and share files across multiple devices. With more than 700 million registered users, it’s known for its ease of use, seamless collaboration tools, anywhere‑access, and reliable backups. In addition to these capabilities, Dropbox strengthens data protection through core security features such as...

We're seeing an interesting phenomenon where people want a simple, one-size-fits-all fix to assign prioritization to vulnerabilities, but it’s just not possible. Understanding the “why” is key to understanding the “what”: what teams have to do about it, and how that relates directly to whether your organization will get the hang of properly prioritizing what needs to be addressed.When you...

We recently had the chance to sit down with Bronwyn Boyle, CISO at leading fintech firm PPRO, a global payments platform that connects local transactions across borders.With three CISO positions under her belt, Bronwyn brings a wealth of experience to the finance and cybersecurity communities. She channels her perspective into tackling present-day industry problems and is an active advocate for...

API-driven configuration changes now shape most modern cloud and security environments, making traditional monitoring approaches incomplete. Without visibility into these API-level modifications, organizations risk unnoticed security drift and weakened controls. Implementing API integrity monitoring provides essential insight, accountability, and protection across cloud services, identity systems, and network devices.

In today’s cloud-first world, Amazon Web Services (AWS) is a cornerstone of digital transformation, supporting everyone from fast-moving startups to global enterprises. Its flexibility and scale allow organizations to store, process, and analyze enormous volumes of data in minutes, accelerating innovation at a pace that was once unimaginable. But that level of capability also raises the stakes:...

Executive SummaryThe findings in this report come from the results of active defense engagements with BEC threat actors. Every month, Fortra Intelligence & Research Experts (FIRE) conducts hundreds of these engagements to collect comprehensive intelligence about BEC tactics and trends to help better understand how the BEC threat landscape is evolving. The primary findings for January 2026...

A coordinated cyberattack that targeted Poland's energy infrastructure in late December 2025 has prompted cybersecurity agencies to issue urgent warnings to critical national infrastructure operators on both sides of the Atlantic.The attack, which Poland's Computer Emergency Response Team compared to "deliberate arson," targeted approximately 30 wind and solar farms, a heat and power plant, and...

The viral AI work caricature trend on Instagram is prompting users to generate job‑based AI images, unintentionally exposing sensitive personal and professional information. This activity highlights how easily threat actors can identify potential targets, exploit publicly shared details, and attempt LLM account takeovers or prompt‑based data extraction. The trend underscores broader risks of shadow AI, including the leakage of proprietary or sensitive data when employees use public LLMs. Organizations are encouraged to strengthen AI governance, monitor for compromised credentials, and deploy data‑security tools to prevent unauthorized access and disclosure.

Software as a Service (SaaS) efficiency dominates with more than 85% of business using at least one SaaS application. While it has widespread adoption, it does come with new data security risks. Some of the risks include companies that don’t comply with security standards and aren’t transparent about security. Also consider that allowing users remote access with any device can increase convenience...

Fortra's January 2026 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Microsoft Edge (Chromium-based) that resolves an insufficient policy enforcement vulnerability.Next on the list are patches for Microsoft Office, Word, and Excel. These patches resolve 11 issues...