Chris Reffkin, Chief Security & Risk Officer at Fortra, authored an article for Manufacturing.net that outlines how technology and security leaders should react in the critical early moments of a ransomware attack. He explains why containment must remain the top priority, how leaders should communicate clearly and quickly with executives, and how to assess the impact with support from legal and incident response teams.

Ricardo Narvaja’s vulnerability research is featured in Cyber Security News, examining CVE-2026-2636, a denial-of-service flaw in Windows’ Common Log File System driver. The vulnerability allows a low-privileged user to trigger an unrecoverable Blue Screen of Death through a simple proof of concept requiring only two API calls. 

Software and cloud vulnerabilities continue to grow in volume and complexity. In IT Security Wire, Tyler Reguly outlines how organizations can move beyond patching everything and instead focus on prioritization, stakeholder alignment, and asset visibility to reduce fatigue and improve outcomes.

Fortra is featured in the Q4 2025 APWG Phishing Activity Trends Report for its analysis of Business Email Compromise activity and attacker behavior. Fortra examined thousands of BEC attacks during the quarter and identified a 136 percent increase in wire transfer attempts. The average request amount rose to 50,297 dollars. The report also highlights Scripted Sparrow, a threat group that has become...

Ransomware groups are increasingly using AI powered bots to scale negotiations, compress timelines, and pressure incident response teams.

Bob Erdman, Associate VP of R&D at Fortra, is quoted in a recent The Epoch Times feature exploring how personal data accumulates on the darknet, how criminals monetize breach information, and why these underground markets continue to grow despite law enforcement action. Erdman highlights how repeated breach exposures allow attackers to build and trade increasingly complete identity profiles,...

CSO reported on Microsoft’s February 2026 Patch Tuesday release, which addressed 60 vulnerabilities, including six that are new and actively exploited.

Josh Davies was featured in a recent The Register article examining the risks behind the viral AI caricature trend.

Family Handyman published an article exploring how QR codes, now widely used for payments, menus, and information sharing, are being abused by scammers.

The FIRE team uncovered an SEO poisoning marketplace that helps threat actors manipulate search rankings by placing malicious backlinks on compromised but legitimate websites.

John Wilson, Senior Fellow, Threat Research at Fortra, authored an article for The AI Journal examining the security implications of OpenAI’s Sora 2. The piece looks at how increasingly realistic AI-generated video changes the threat landscape, particularly around deepfakes, social engineering, and the misuse of personal likenesses. 

In a Computing Security feature, Pablo Zurro, senior product manager at Fortra, shares perspective on how breach and attack simulation and penetration testing continue to play a critical role as attackers adapt and innovate.

Tyler Reguly, Associate Director of Security R&D at Fortra, was quoted in a CSO article examining Microsoft’s January 2026 Patch Tuesday, which includes an actively exploited zero-day and several critical vulnerabilities affecting Windows, Office, and SharePoint.

Josh Taylor examines how hacktivism has shifted from headline-grabbing stunts to something far more complex and harder to spot.

Pig butchering scams blend romance, emotional manipulation, and financial fraud. In an episode of DateNight... with Laurel House, John Wilson breaks down how organized cybercrime groups use AI generated identities, fake profiles, and crypto investment schemes to exploit victims at scale.

In Security Boulevard, Tyler Reguly explains why the goal of patching every vulnerability is not just unrealistic but counterproductive. Drawing on more than two decades in vulnerability management, he argues that security teams need to stop chasing raw CVE counts and instead focus on risk, context, and asset intelligence to decide what truly matters.Originally published in ​Security Boulevard....