Today’s Patch Tuesday Alert addresses Microsoft’s August 2025 Security Updates. We are actively working on coverage for these vulnerabilities and expect to ship ASPL-1169 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2025-53779A vulnerability in Windows Server 2025 allows authorized users with access to the msds-groupMSAMembership and msds...

Over the next year, domestic and foreign adversaries almost certainly will continue to threaten the integrity of US critical infrastructure,” states the Homeland Threat Assessment 2025. “We are particularly concerned about the credible threat from nation-state cyber actors to US critical infrastructure.” In light of these and other severe threats to U.S. federal agencies, the issue of federal...

What Is Banking Regulatory Compliance?Banking regulatory compliance encompasses adhering to the policies put in place to ensure the stability and integrity of financial systems. These requirements are enacted by government institutions, or governing bodies of financial institutions themselves.Stable economies depend on trustworthy and resilient financial systems. Banking regulations exist to...

A company, which offered insurance and repair services to cell phone owners across Germany, and generated revenues of up to 70 million Euros (US $80 million) has collapsed following a ransomware attack. Einhaus Gruppe, located in Hamm, Nordrhein-Westfalen, was founded in 2003 and had over 5000 sales partners across Germany. And yet, despite the company's success, an attack by the Royal ransomware...

Fortra's July 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Google.Up first on the list are patches for Chromium and Microsoft Edge (Chromium-based) that resolve type confusion, information disclosure, and remote code execution vulnerabilities.Next on the list are patches for Microsoft Office, Word, Excel, PowerPoint, and Teams. These patches resolve...

The digital world has become a battleground of code and consequence. Cybersecurity no longer hides behind the IT desk. It stands center stage, an operational, legal, and existential concern. In Portugal, as across Europe, the rules are tightening, and the margin for error is shrinking. For global businesses, understanding Portugal’s cybersecurity laws is not a footnote. It’s the headline.The Core...

It’s been over a decade that I’ve worked primarily in the world of File Integrity Monitoring and Secure Configuration Management, helping to ensure that hundreds of different companies are able to detect unauthorized or unexpected changes to their configurations.Security has changed a lot over that period, and yet there’s been some surprisingly consistent experiences in the field that I will often...

As more enterprises expand their business through an increasingly wide web of vendors, applications, and software supply chains, risk exponentiates. Find out how to build safely—without taking on unnecessary third-party risk.

Security teams don’t suffer from a lack of data. They suffer from a lack of clarity. Every scan, every alert, every dashboard shouts for attention. The result? A wall of red. Thousands of vulnerabilities. Hundreds marked critical. Dozens hitting the same system. Teams are left staring at the mess, asking the only question that matters: Which one do we fix first? That question doesn’t get enough...

Countries don’t restrict cyber threats; they cross borders in milliseconds, exploiting gaps in governance, visibility, and readiness. As the global cost of digital failure surges, so does the urgency to confront what can no longer be delegated or denied. In Latin America, one country is stepping out in front. Chile isn’t sitting around waiting for disaster to strike; it’s building a legal firewall...

There is good news for any organisation which has been hit by the Phobos ransomware. Japanese police have released a free decryptor capable of recovering files encrypted by both the notorious Phobos ransomware, and its offshoot 8Base. What is Phobos Ransomware?Phobos first emerged in late 2018, as a ransomware-as-a-service (RaaS) operation, working with affiliates to demand payment from victims...

Two in three financial institutions faced cyberattacks in 2024, and that trend shows little sign of letting up. Because of their valuable data – hooked conveniently to direct financial information – FinServ organizations are perennial targets for hungry attackers. But this isn’t news to anybody. Financial institutions understand the threats, and for the most part, they are some of the most...

Learn about CVE-2025-1727, a high severity vulnerability that impacts railway systems, its impacts on critical infrastructure, and how federal compliance regulations can help defend against the threat of exploitation.

It’s no revelation to say that compliance and security are not synonymous, but recent events have reinforced the maxim. Adhering to even the strictest data protection standards is no longer enough to protect retailers from increasingly sophisticated cyber threats.Instead, complete compliance needs to be paired with strategic, resilience-focused cybersecurity practices to combat risks facing retail...

"Operation Elicius", a joint international law enforcement operation involving Europol and police forces in Italy, France, and Romania, has successfully dismantled a Romanian ransomware gang that targeted network-attached storage (NAS) devices and arrested its suspected leader.The so-called "DiskStation Security" ransomware group has targeted and compromised NAS devices - particularly those...

APWG’s quarterly Phishing Activity Trends Report analyzes phishing trends and insights reported to APWG by their member companies and research partners. This blog provides a high-level overview of the latest phishing trends to watch out for, in addition to quotes and insights from Fortra experts.