The cybersecurity landscape is a dynamic arena in which innovation and threats evolve relentlessly. ISACA's State of Cybersecurity 2025 report - drawing insights from more than 3,800 professionals worldwide - offers a critical snapshot of this environment. It highlights persistent staffing shortages, the transformative impact of AI, rising stress levels and constrained budgets. Together, these findings underscore the delicate balance organizations must strike between technology, talent and well-being.
2025 has been a transformative year for cybersecurity, with emerging technologies and evolving threats changing the landscape as we once knew it. Reflecting on the year, there are several trends that come to my mind, both good and bad. Organizations prepared for a quantum future, foreign adversaries and cybercriminals alike made strategic moves, and industries as a whole found themselves targeted with waves of cyberattacks (such as the case with the retail sector).
Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal. In every Akira attack the threat detection firm analyzed between June and October that involved buggy SonicWall SSL VPN appliances, the ransomware operators gained access to the bigger, acquiring enterprises because they had already compromised the smaller companies' SonicWall gear.
The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each with part of an encrypted key, to access the results. In a statement, the scientific organisation said one of the trustees had lost their key in "an honest but unfortunate human mistake", making it impossible for them to decrypt - and uncover - the final results.
Online trading has become a normal part of how people invest and manage money today. With so many platforms available, it can be hard to tell which ones truly protect personal data and funds. Knowing how to identify a secure trading platform helps safeguard both money and peace of mind. A trusted platform follows clear rules, uses strong security tools, and treats users with honesty.
Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, have published their own technical teardown of the vulnerability that doesn't mince words about the ease with which criminals can weaponize it. The researchers call exploitation "trivial," describing a single HTTP request that bypasses OIM's normal authentication flow and ultimately gives an attacker remote system-level control. Oracle disclosed the bug in October, but didn't indicate that it was under active exploitation.
As software development teams embrace an increasing number of automation tools that provide AI-driven (or at least AI-assisted) coding functions in their codebases, a Newtonian equal and opposite reaction is also surfacing: governance controls and guardrails to keep AI injections in check as these technologies enter the software supply chain.
Among the benefits, tabletop exercises simulate a real-life attack so firms can put incident response plans to the test, including decision-making processes, communications and technical measures. When done well, tabletop exercises can expose blind spots and help response teams "build the muscle memory needed to act fast when the real thing hits", says Adam Harrison, managing director in the cyber security practice at FTI Consulting. So what types of tabletop exercises are available and how can you use them in your business?
That problem stems from the fact that the IACR's bylaws require three members of its election committee to each hold a portion of the cryptographic key material required to jointly decrypt the results. "This aspect of Helios' design ensures that no two trustees could collude to determine the outcome of an election or the contents of individual votes on their own: all trustees must provide their decryption shares," the update explains.
It seems like everyone has a spam story or two to tell. And we're not talking about in a lifetime. No, spam is an everyday nuisance and something we live with. The problem impacts every corner of the web. Sure, it litters social networks and enterprise applications. But even the smallest websites are bombarded with phony comments, form submissions, user registrations, and e-commerce orders. This hurts the user experience and makes life miserable for site owners.
However, this change has come with difficulties: since all business information is now stored online, there has also been a spike in criminals seeking to profit by stealing that information or disrupting business operations. In 2024 alone, the FBI reported over $16.6 billion in losses related to cybercrime, and this figure is only increasing year over year, which means that an "observable" environment must also be a "secure" one.
A lawsuit brought by the US Securities & Exchange Commission (SEC) against SolarWinds has been dropped. The legal fire was also directed at the company's CISO, Timothy G. Brown. Brown's alleged personal responsibility will now not be determined in court. It therefore appears that CISOs have less to fear from the law than previously thought. CISOs are responsible for securing their company's IT infrastructure.
A growing number of scammers are impersonating TechCrunch reporters and event leads and reaching out to companies, pretending to be our staff when they absolutely are not. These bad actors are using our name and reputation to try to dupe unsuspecting businesses. It drives us crazy and infuriates us on your behalf. It ebbs and flows. Judging by the increased number of emails we're receiving, asking, "Does this person really work for you?" it appears to be happening more actively at the moment.
NordPass has made a lot of progress over the past six years since its debut. Originally launched as a barebones password manager for the company to bundle alongside NordVPN, there was never much reason to use it. It lacked features, and even with a solid free plan, you could get better functionality elsewhere. Today, however, NordPass is one of the best password managers on the market.
Nearly two-thirds (62%) of Americans said they're likely to grab a holiday deal as soon as they spot one, according to the 2025 Norton Cyber Safety Insights Report, as reported by Gen Digital, the parent company of Norton and GOBankingRates. And this is often without vetting the source. That kind of impulse buying can make shoppers easy targets for fake online stores.
Cybersecurity researchers have disclosed details of a new Android banking trojan called Sturnus that enables credential theft and full device takeover to conduct financial fraud. "A key differentiator is its ability to bypass encrypted messaging," ThreatFabric said in a report shared with The Hacker News. "By capturing content directly from the device screen after decryption, Sturnus can monitor communications via WhatsApp, Telegram, and Signal." Another notable feature is its ability to stage overlay attacks by serving fake login screens atop banking apps to capture victims' credentials.
In a world where every click and connection creates both opportunity and exposure, digital progress and digital risk now go hand in hand. As technology propels organizational innovation, it simultaneously widens the surface for cyberthreats. From AI-generated attacks to sophisticated ransomware, what was once an IT problem is now everyone's responsibility. This article explores how organizations can move past defense to build resilient-by-design cybersecurity: the ability to anticipate, withstand, recover, and adapt in the face of evolving digital threats.