In the context of ongoing cyber risk assessment , ransomware is one of the most commercial and destructive forms of cybercrime. Amidst the ocean of crime groups within cyberspace, the Cl0p ransomware syndicate is one of the more refined and persistent threats. This group of cyber-thieves has made notorious headlines with aggressive forms of extortion and campaigns.

As applications grow more complex, they incorporate many third-party libraries and open-source components, often making it challenging to fully understand and manage the security risks they introduce. To address these concerns, application security engineers are increasingly turning to tools that provide greater visibility and control over software components.

Building on EO 14028, EO 14144 advances U.S. cybersecurity with actionable steps for identity governance and secrets management.

After years in the technical writing trenches at industry giants like Cisco, Riverbed, and Akamai, I now lead the Sysdig Documentation team. I’m Shuba Subramaniam, and I’m passionate about creating content that truly helps people — whether they’re exploring Sysdig for the first time or troubleshooting a tricky issue at 2 a.m.

Remote work isn’t just a temporary trend anymore; it has become a permanent fixture. What began as a quick response during the pandemic has evolved into the new normal for businesses worldwide. In America, 20% of people now work from home. While this has its advantages (flexibility for workers and cost savings for businesses), it’s not without its complications, having cracked open a host of issues around cybersecurity and regulatory compliance.

Fortra’s Tripwire has always been widely known as a File Integrity Monitoring (FIM) solution, and a very good one at that. The good news is that it still is - only when you look closely, it’s a lot more. And it always has been. Besides its traditionally known role as an integrity and security configuration management tool, Tripwire’s powerful capabilities make it a comprehensive cybersecurity solution.

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access on a need-to-know basis) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and remove access in a standardized, timely, and repeatable way across an entire organization.

In December 2024, Cyberhaven fell victim to a sophisticated cyberattack that exploited a phishing campaign targeting its Chrome Web Store account. This breach compromised over 400,000 users by injecting malicious code into its browser extension, exfiltrating sensitive data such as cookies and session tokens. The incident has drawn significant attention due to Cyberhaven's role as a cybersecurity provider and the broader implications for browser extension security.

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security. Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious. “When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports. “Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number,” BleepingComputer explains.