Summary FunkSec is a new ransomware group that came into the spotlight after attacking many sectors around the world. The group runs a data leak site on Tor. Funksec employees conduct double extortion attacks, which means hackers encrypt and exfiltrate data from the victim to extort them for paying ransom to the attackers.

Increasing frequency, new threat groups emerging, the rise of ransomware-as-a-service (RaaS) attack model, and third-party attacks are just a few of the dangerous trends Trustwave SpiderLabs details in Energy and Utilities Sector Deep Dive: Ransomware Trends. This report supplements the just released 2025 Trustwave Risk Radar Report: Energy and Utilities Sector. This broader and more comprehensive report analyzes the energy and utilities sector’s major threats and trends.

The Digital Operational Resilience Act (DORA) came into effect on January 17, across the EU. This new regulation aims to fortify the cyber security defences of financial services firms and their suppliers against digital threats. Understanding DORA is crucial for businesses as it unifies cyber security regulations, reducing vulnerabilities and ensuring compliance. In this blog, we'll explore what DORA entails, its key components, and its implications for both EU and UK-based financial institutions.

At Detectify, we help customers secure their attack surface. To effectively and comprehensively test their assets, we must send a very high volume of requests to their systems, which brings the potential risk of overloading their servers. Naturally, we addressed this challenge to ensure our testing delivers maximum value to our customers while being conducted safely with our rate limiter.

Most enterprise security teams spend hundreds of hours annually filling security questionnaires and sharing compliance documents with customers. A trust center cuts this down to near zero by putting everything in one place. The concept isn’t new – organizations have long maintained security documentation. However, recent data breaches, stricter regulations, and cloud adoption have transformed an essential requirement into a business driver.

In this episode of Trust Issues, host David Puner dives into the recent high-profile cyberattack on the U.S. Treasury Department. Joined by Andy Thompson, CyberArk Labs’ Senior Offensive Research Evangelist, and Joe Garcia, CyberArk’s Principal DevOps Solutions Engineer, they explore the timeline, details and implications of the attack. Discover proactive security recommendations, insights into zero-day vulnerabilities and the broader impact on federal cybersecurity.

In 2024’s State of Digital Impersonation Resilience report there was one key finding that neatly frames the digital impersonation fraud challenge. Of the businesses surveyed, 72% use a digital impersonation protection solution, but only 6% could confirm its efficacy. In other words, scam-targeted industries are investing in finding solutions, but those solutions aren’t delivering.

Below, we’ll take a look at how both DAST as a methodology and DAST as a tool relate to what we do at Detectify. More specifically, we’ll explain how Detectify’s solution applies DAST methodology to the full breadth of an attack surface, automating the heck out of application security testing. With these methods, we cover millions of domains before you’ve even had breakfast.

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.