Information security

Information security

"World Cloud Security Day is a useful reminder to recognize how much cloud risk now comes down to everyday access decisions and overlooked misconfigurations," says James Maude, Field CTO at BeyondTrust.

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

In today's digital workplaces, cyber threats rarely begin with broken systems. They begin with everyday actions-opening emails, sharing information, or accessing online platforms. Security awareness training helps reduce cyber attack risks by strengthening how individuals recognize and respond to these situations. Rather than focusing on technical controls alone, organizations are increasingly prioritizing cyber awareness as a core defense strategy. When users understand common threats such as phishing, social engineering, and unsafe online behavior, they are better equipped to prevent incidents before damage occurs.

Never feel that you are totally safe. In July 2025, one company learned the hard way after an AI coding assistant it dearly trusted from Replit ended up breaching a "code freeze" and implemented a command that ended up deleting its entire product database. This was a huge blow to the staff. It effectively meant that months of extremely hard work, comprising 1,200 executive records and 1,196 company records, ended up going away.

Artificial intelligence agents, autonomous software that performs tasks or makes decisions on behalf of humans, are becoming increasingly prolific in businesses. They can significantly improve efficiency by taking repetitive tasks off employees' plates, such as calling sales leads or handling data entry. However, by virtue of AI agents' ability to operate outside of the user's control, they also introduce a new security risk: Users may not always be aware of

An FBI informant helped run the Incognito dark web market and allegedly approved the sale of fentanyl-laced pills, including those from a dealer linked to a confirmed death, WIRED reported this week. Meanwhile, Jeffrey Epstein's ties to Customs and Border Protection officers sparked a Department of Justice probe. Documents say that CBP officers in the US Virgin Islands were still friendly with Epstein years after his 2008 conviction, illustrating the infamous sex offender's tactics for cultivating allies.

Vulnerabilities discovered by researchers in Dormakaba physical access control systems could have allowed hackers to remotely open doors at major organizations. The security holes were discovered by experts at SEC Consult, a cybersecurity consulting firm under Atos-owned Eviden, in Dormakaba's Exos central management software, a hardware access manager, and registration units that enable entry via a keypad, fingerprint reader, or chip card.

Near-identical password reuse occurs when users make small, predictable changes to an existing password rather than creating a completely new one. While these changes satisfy formal password rules, they do little to reduce real-world exposure. Here are some classic examples: Adding or changing a number Summer2023! → Summer2024! Appending a character Swapping symbols or capitalization Welcome! → Welcome? AdminPass → adminpass Another common scenario occurs when organizations issue a standard starter password to new employees, and instead of replacing it entirely, users make incremental changes over time to remain compliant.

Before AI, phishing attempts often included telltale signs like obvious typos or rudimentary graphic design. Now that AI makes it much easier to design and code convincingly, scams are on the rise. According to , 60 percent of companies reported an increase in fraud-related losses from 2024 to 2025. And the advent of AI browsers could make things even worse.

We've excised the text, but suffice it to say that the whiteboard contains usernames and passwords for system access. It's a change from a Post-it note stuck to the screen, but it's no less likely to make a security professional shriek in horror. After all, not only is the account exposed, but anyone can use it, which renders an access log somewhat redundant.

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific offenders: Google Tag Manager (8% of violations), Shopify (5%), Facebook Pixel (4%).