Russia was probably behind the failed attempts to compromise the systems of Poland's power companies in December, cybersecurity researchers claim. ESET attributed the attack with "medium" confidence to Russia's GRU-run Sandworm unit, after it investigated the attack and its use of wiper malware. The attackers, believed to be state-backed, deployed DynoWiper malware on Poland's national energy systems. Energy minister Milosz Motyka said they attempted to disrupt communication between renewable hardware and power distribution operators, but were unsuccessful.
infosec in brief 'Twas a dark few days for automotive software systems last week, as the third annual Pwn2Own Automotive competition uncovered 76 unique zero-day vulnerabilities in targets ranging from Tesla infotainment to EV chargers. A record 73 entries were included in this year's competition at Automotive World in Tokyo, and, while not all were successful, Trend Micro's Zero Day Initiative still ended up paying out more than $1 million to successful competitors. For those unfamiliar with the structure of a Pwn2Own competition, ethical hackers and security experts enter with plans to perform a certain exploit, which they must demonstrate within a limited time.
Yesterday (Jan. 20), the Commission unveiled its revised Cybersecurity Act proposal after months of behind-the-scenes negotiations that reportedly caused substantial friction between officials and member states. This sweeping update introduces measures to identify and potentially exclude "high-risk" third countries and companies from Europe's critical digital infrastructure across 18 essential sectors, including energy systems. With cybersecurity threats having risen steadily since the original Act took effect seven years ago, the EU is essentially drawing new battle lines in the global tech landscape.
Wiz Security's research team identified that a subset of repositories had configured regular expressions for AWS CodeBuild webhook filters intended to restrict builds to trusted actor IDs, but these filters were insufficient: an actor ID that could be predictably acquired still matched, allowing its holder to gain administrative permissions. The four affected repositories that put the AWS Console supply chain at risk were the AWS SDK for JavaScript v3, the general-purpose cryptographic library aws-lc, amazon-corretto-crypto-provider, and awslabs/open-data-registry, a repository of publicly available datasets accessible from AWS resources.
The National Institute of Standards and Technology (NIST) recently released NIST IR 8596, the Initial Preliminary Draft of the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile). The document establishes a structured approach for managing cybersecurity risk related to AI systems and the use of AI in cyber defense, organised around three focus areas: Securing AI System Components (Secure), Conducting AI-Enabled Cyber Defense (Defend), and Thwarting AI-Enabled Cyber Attacks (Thwart).
In the previous two articles we discussed file and folder permissions, along with the special permissions that Linux supports. These permissions are effective for many scenarios. But what happens when you need more granularity? How do you grant write access to a file to just one specific user who isn't the owner and isn't in the owning group? How do you allow two different groups read access, but only one of them write access?
A U.S. judge recently dismissed a shareholder lawsuit that accused cybersecurity company CrowdStrike Holdings Inc. (NASDAQ: CRWD) of making false statements about its software testing before the 2024 global outage. The company has also announced its intent to acquire Seraphic and SGNL, as well as a new strategic partnership with Nord Security. The share price is 6.3% lower than a month ago and down 3.9% from six months ago, underperforming the Nasdaq in both time frames.
Research from Pentera Labs reveals evidence of active exploitation in customer-managed business cloud environments, particularly within Fortune 500 companies and cybersecurity vendors. This exploitation is targeting training applications utilized by said organizations. These are applications typically deployed for security demos and training, including OWASP Juice Shop, DVWA and Hackazon. The research discovered thousands of systems exposed, with several hosted on enterprise infrastructure using Azure, AWS and GCP cloud platforms.
To start, having your Google Ads account hijacked can be devastating, and it is just that much worse on the agency level. Your budgets can be spent, your bank accounts can be depleted, and your account history and reputation can be ruined. All of this can also lead to losing advertising clients and maybe worse. We covered some of this in our November story.
BIG - ShinyHunters confirmed to me that they are behind the recent Okta vishing campaign and have published alleged data from three major victims (Crunchbase, SoundCloud, and Betterment) on their new blog, stating more are coming.
"A floor manager responsible for production asked me to fix his PC, which was so slow he could literally make a coffee in the time between double-clicking an icon and having the program open," Parker told On Call. The manager's PC was only a year old and ran Windows XP, a combo that at the time of this tale should have made for decent performance.
Last year, the security consulting community reached a new milestone: the introduction of the Ed Chandler Security Innovation Award. The award, presented for the very first time at CONSULT 2025 and co-sponsored by SecuritySpecifiers and Security magazine, honors the life, legacy and influence of Edmonds (Ed) Chandler Jr. The inaugural award is designed to recognize the innovation that advances both the practice and impact of security consulting.
Over the past few years, while applying for security and risk-related roles, I noticed a pattern that surprised me: many background screening vendors only asked for a few years of employment history, minimal address information, minimal educational verification, and returned results within one or two days. In contrast, I also noticed that industries with higher regulatory standards, such as finance and transportation, conduct far deeper checks that can span from weeks to months.