Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Strengthening cyber resilience with Elastic Security and Observability

A guide to aligning with SEBI’s CSCRF using Elastic's integrated security and observability capabilities Financial institutions in India are preparing for a new era of cybersecurity compliance with the Securities and Exchange Board of India’s (SEBI) Cybersecurity and Cyber Resilience Framework (CSCRF).

MDM Restrictions for iOS Devices: Lock Down, Secure & Empower Your Business

Managing iPhones and iPads across your organization can feel like a never-ending challenge. From misuse of apps to potential data leaks—businesses need a better way to stay in control. In this blog, you’ll learn how iOS MDM restrictions can help you apply smart policies, secure devices, and streamline mobile operations.

The future of continuous control monitoring in hybrid IT environments

Organizations are increasingly relying on hybrid IT environments in an era of rapid digital transformation to support their operations, innovate, and drive growth. This dynamic environment, which integrates on-premise infrastructures with cloud-based solutions, introduces unprecedented complexities and challenges for continuous control monitoring (CCM).

Sensitive Data: Examples & How to Protect It

As a security professional navigating the new challenges constantly cropping up in cybersecurity, it’s critical to understand the ways your organization’s data could be exposed. Safeguarding sensitive information is paramount for organizations across all industries. Whether it's personal data of customers and employees or proprietary business information, the consequences of data breaches can be severe, ranging from financial losses to reputational damage.

How Python Is Reshaping Cybersecurity Automation

Cybersecurity teams are overwhelmed. Systems are more complex, and data flows nonstop. As attack surfaces grow, real-time responses are not just ideal - they're necessary. Python is quietly becoming the backbone of security automation across many industries, and here's how.

The Hidden Risk in Your Cloud: And What to Do About It

It's easy to assume everything in the cloud is sorted. Files get saved, apps sync across devices, permissions exist. And on paper, that sounds tidy enough. But in practice? Data goes wandering. A spreadsheet ends up in the wrong folder. A document shared with the wrong person stays shared. A test environment is spun up, used once, then forgotten. Nobody deletes it, of course. Nobody remembers it, either.

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

On April 15, 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for the vulnerability, SonicWall indicated on April 15, 2025 that the vulnerability was being exploited in the wild. The vulnerability was added to CISA’s known exploited vulnerabilities (KEV) catalog the following day.

Building better workflows with multiple drafts

In today's security and IT landscape, the workflows that power your operations are not merely convenient tools—they're essential infrastructure. When a phishing detection workflow fails or an access control process malfunctions, the consequences can be severe: security incidents remain undetected, response times suffer, and organizational risk escalates significantly. This reality creates a paradox for teams.

The Critical Importance of Supply Chain Risk Management in Cybersecurity

In the contemporary digital era, supply chains have transcended their traditional role as mere logistical networks. They have evolved into pivotal ecosystems that underpin the success of modern businesses. Nevertheless, as these intricate systems undergo digital transformation, they have become increasingly vulnerable to cyberattacks.

The Continued Abuse of Legitimate Domains: A Spike in the Exploitation of Google Drive to Send Phishing Attacks

First QuickBooks, then Microsoft, and now Google—will the hijacking of legitimate third-party platform communications stop escalating in 2025? Our Threat Labs researchers predict the answer is no. As long as these attack tactics remain effective, cybercriminals will continue to use them, which likely explains the spike in the exploitation of Google Services for phishing attacks observed in the first month of 2025.