There’s a dark joke in cybersecurity: each year ends with an unwelcome holiday surprise—a major security incident. This timing isn’t random. Threat actors target this timing, knowing security teams operate with skeleton crews that impact detection, investigation and response times. It’s a calculated strategy that works reliably, year after year. And now there’s another holiday surprise to add to the list—the recent attack on the U.S. Treasury Department.

At Mend.io, we’re passionate about code security. That’s why we’re thrilled to announce a strategic partnership with JetBrains that integrates Mend.io’s robust security solutions directly into JetBrains IDEs and Qodana environments. With the help of Mend.io, JetBrains users will now have access to robust Software Composition Analysis (SCA) and malicious package detection.

NASA is about to introduce new requirements for its contractors. These requirements will dramatically improve the cybersecurity of spacecraft and the US’ resilience to cyber threats. But what do these requirements mean for spacecraft manufacturers? What challenges will they face? And what will they need to do to comply? Keep reading to find out.

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards.

The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.

It was in January 2025 when a disaster leakage of data was leaked having more than 15,000 configuration files carrying VPN credentials leaked from FortiGate devices spread on several devices. It depicts acute problems inside organizations using the products by Fortinet about a higher need for an excellent security approach. The Belsen Group, the hacking collective carried out this attack by taking advantage of the zero-day vulnerability known as CVE-2022-40684.

Phishing attacks are a huge threat. They prey on human trust and manage to trick even the most tech-savvy users. A successful attack on a company’s customers can weaken it financially, create compliance issues, and cause long-lasting reputational damage. Scammers have stolen over $1 trillion globally in just the past year – a staggering figure that rivals the GDP of some nations.

Analyzing network traffic patterns is the heart of a successful security strategy. As organizations continue to grow their digital landscapes, cyber threats have also progressed in complexity and now utilize sophisticated evasion techniques to evade detection. Conventional security countermeasures are no longer able to cope with such dynamic and persistent security threats, hence now organizations are relying on network traffic analysis to detect and mitigate any security incidents.

Medusa is a ransomware-as-a-service (RaaS) platform that first came to prominence in 2023. The ransomware impacts organisations running Windows, predominantly exploiting vulnerable and unpatched systems and hijacking accounts through initial access brokers.

Cyber Rhino Threat Week (which took place from December 9 – 13, 2024) aims to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem. This keynote session certainly set the stage for the week, exploring the complexities that organizations must consider when establishing and operating an effective Cyber Threat Intelligence (CTI) program.