The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government program designed to standardize and streamline the assessment, authorization and continuous monitoring of cloud computing services for federal agencies. It establishes a consistent set of security requirements for Cloud Service Providers (CSPs) to ensure their products meet the rigorous security and privacy needs of the federal government.

While vulnerability management is one of the few preventative practices in security, vulnerability patching is still a reactive process. It’s a continuous cycle of discovery, vendors releasing patches, and remediation teams applying those patches. What if there was a way to build in some proactivity to this endless reactive spiral?

Recently, an Apache Tomcat web server vulnerability, tracked as CVE-2024-50378, has been published, exposing the platform to remote code execution through a race condition failure.

A primary goal for security teams is identifying specific threats to their environment, but they often face the daunting task of reviewing vast amounts of log data and alerts. Even with well-crafted detection rules, sifting through irrelevant data to pinpoint essential details for an investigation can be a significant challenge. This not only prolongs investigation times but also increases the risk of overlooking critical information.

enabling businesses to proactively uncover vulnerabilities that could otherwise be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

Spear phishing plays a significant role in causing data breaches and cyberattacks. It costs businesses and individuals millions of dollars each year. Spear phishing is different from traditional phishing, which covers a broad spectrum. It targets specific individuals or organizations and uses tricks to make the victim reveal some sensitive information. This article explores spear phishing. It covers its unique traits and offers expert tips to identify and stop such attacks.

Cybersecurity involves anticipating threats and designing adaptive strategies in a constantly changing environment. In 2024, organizations faced complex challenges due to technological advances and sophisticated threats, requiring them to constantly review their approach. For 2025, it is crucial to identify key factors that will enable organizations to strengthen their defenses and consolidate their resilience in the face of a dynamic and risk-filled digital landscape.

Recently, Google made headlines with the announcement of its new quantum chip, Willow, marking another step forward in the fascinating world of quantum computing. The technology promises to solve problems that are currently intractable for classical computers, fueling excitement—and a fair bit of concern—about its implications for cryptography, particularly the widely used RSA encryption.

Since December 16, 2024, Arctic Wolf has observed increased activity in a social engineering campaign associated with Black Basta ransomware. In this campaign, threat actors were observed using Microsoft Quick Assist and Teams to impersonate IT personnel and engage in malicious activities upon contacting victims. This is a continuation of the Black Basta campaign we reported on in a security bulletin sent in June 2024.

In Continuous Threat Exposure Management (CTEM), risk assessment acts as the central thread that ties all components together, turning raw threat intelligence, vulnerability detection, and external attack surface monitoring into actionable mitigation strategies.