A small entrepreneur-led digital marketing agency was having a regular morning with client calls, design presentations, and ad discussions. Suddenly, every team member was locked out of their accounts and couldn’t access their e-mails, cloud folders, or even the company bank account – their data had been taken hostage digitally. This isn’t just a cautionary tale.

Cato announced today that it’s become the first SASE platform vendor to achieve PCI DSS v4.0 compliance. More specifically, compliance with PCI DSS v4.0.1. While particularly significant for retailers handling payment data, PCI DSS v4.0 compliance will also benefit non-retailers strengthening their security posture, reducing risk exposure, and demonstrating compliance with industry best practice.

Following the emergence of data-leak sites (DLSs) for Babuk Bjorka, GD LockerSec, and Morpheus in January 2025, a new extortion group called Kraken and its DLS has been observed in February. Read on to find out what Cyjax knows so far about this new threat group.

In today’s digital landscape, cyber threats are evolving at an unprecedented pace, growing more sophisticated and harder to detect. With each passing day, businesses and individuals alike find themselves navigating an increasingly complex threat environment. This complexity isn’t just about the number of attacks, it’s about their evolving tactics, the widening attack surface, and the sheer difficulty of distinguishing real threats from background noise.

Today, I will be going over Control 2 from version 8.1 of the top 18 CIS Controls – Inventory and Control of Software Assets. I will go over the seven safeguards and offer my thoughts on what I’ve found.

By now, we should all be pretty well acquainted with phishing scams. They've been around for a very long time—nearly 30 years, in fact—and are the primary focus of most security awareness training programs and initiatives. Despite this, phishing remains remarkably effective, with over 90% of successful cyberattacks beginning with a phishing email. Why? Because these scams are constantly evolving. To protect against the next wave of phishing scams, it's important to understand them.

We are excited to announce an integration with Soneium, the Ethereum Layer-2 blockchain built by Sony Block Solutions Labs, a joint venture between Sony Group Corporation and Startale Group. Soneium provides accessible, user-centric solutions that empower individuals, creators, and enterprises to build, connect, and thrive in a borderless digital ecosystem.

In the context of penetration (pen) testing, false positives are where the testing tools or methods identify a security vulnerability or issue that doesn’t actually exist. Essentially, a false alarm. This can happen for a few reasons, such as misconfigurations in the testing tools, incorrect assumptions, or environmental factors.

On January 14th, 2025, Belsen Group emerged in the underground forum Breach Forums publishing a list of sensitive data extracted from vulnerable Fortinet FortiGate devices. Since then, they have expanded their malicious activities into acting as initial access brokers. Who are they and what do we know about them? In this blog we’ll give you the lowdown on an ambitious new threat group to be aware of.

The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for addressing cybersecurity incidents in India. Established in 2004 and operating under the Ministry of Electronics and Information Technology (MeitY), CERT-In is dedicated to enhancing the security of India’s digital infrastructure.