AI is revolutionizing our lives in terms of productivity, automation, customer service, and more. AI is becoming so important that organizations increased spending on compute and storage hardware infrastructure for AI deployments by 37% year-over-year in the first half of 2024, reaching $31.8 billion. However, like most technological advances, the good often comes with the bad.

‍Embracing cyber risk management during a time in which the average cost of a data breach nearly surpasses $5 million is not merely a strategic option; it’s an absolute imperative. ‍ This calculated move, however, is not as straightforward as deploying an end-point detection solution, for example, or conducting monthly cybersecurity awareness sessions.

DoD, GSA, and NASA recently published a proposed amendment to the Federal Acquisition Regulation (FAR): Controlled Unclassified Information (FAR Case 2017-016) or ‘FAR CUI Rule’. It presents critical updates on managing Controlled Unclassified Information (CUI) in federal contracts, aiming to create a uniform approach across government agencies for handling and protecting sensitive information while addressing gaps in current policies.

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

It’s a warm, sunny day as you lie in the sand under a big umbrella. Suddenly, you feel the waves crashing against your feet, only to look down and see numbers, letters, usernames, and timestamps. You try to stand up, but you feel the tide of big data pulling you under… With a jolt, you wake up, realizing that you were having another nightmare about your security Data Lake and analytics.

At Pentest People, we prioritise customer feedback to continually enhance SecurePortal. Based on your suggestions, we are thrilled to introduce two major new features: Single Sign-On (SSO) and Company Tasks, alongside other key improvements. Company Tasks lets you efficiently manage outstanding questionnaires and proposals requiring attention. Easily assign tasks to the most suitable team members within your organisation, ensuring timely action.

Read also: Europol’s largest-ever operation seizes millions in criminal assets, Italian teen arrested for hacking, and more.

Most enterprise security teams spend hundreds of hours annually filling security questionnaires and sharing compliance documents with customers. A trust center cuts this down to near zero by putting everything in one place. The concept isn’t new – organizations have long maintained security documentation. However, recent data breaches, stricter regulations, and cloud adoption have transformed an essential requirement into a business driver.

Penetration testing (aka pentesting or ethical hacking) might sound intense—and honestly, it is—but think of it as your digital stress test. Ethical hackers mimic real cyberattacks on your systems to find weak spots before the bad guys do. The coolest part? Pen tests come in different flavors, each targeting specific risks. So, how do you know when it’s time for a pentest? How often should you schedule them? And which one is right for your business?

The cybersecurity landscape has shifted dramatically over the last several years. More and more work takes place outside of the office and in the cloud — in fact, experts expect the cloud market to exceed $676 billion in 2024. It’s not hard to see why. With the cloud, organizations gain unprecedented freedom to work how they want, whether that’s in-office, in one or more cloud environments, or in a hybrid of multiple approaches.