Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most fresh installs of operating systems or applications come with preconfigured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any baselines to become better aligned with the policies your organization is trying to adhere to.

Trust is the cornerstone of the hospitality industry. Guests rely on you to safeguard their personal data, payment information, and loyalty rewards. However, in today's digital landscape, this trust faces constant risks. APIs, which serve as the unseen connections among various systems and applications, are particularly vulnerable to cyber threats. A single flaw can compromise sensitive data and cripple your brand’s reputation.

This report will provide an overview of the various extortion groups, hacktivists, and initial access brokers (IABs) targeting the Middle East throughout 2024 and highlight the relevant observed trends. Specifically, this report will look at incidents affecting Egypt, Iran, Iraq, Saudi Arabia, Yemen, Syria, Jordan, United Arab Emirates, Israel, Lebanon, Oman, Kuwait, Qatar, and Bahrain.

Following the emergence of data-leak sites (DLSs) for extortion group’s Morpheus and GD LockerSec in January 2025, Cyjax has discovered a DLS which claims that the infamous Babuk ransomware group has returned. Read on to find out what we know so far.

Corporations need more advanced systems and approaches in place in order to deal with the increasing complexity of cyberattacks. This need for appropriate measures has given rise to a set of practices alongside the Managed Detection and Response (MDR) cybersecurity framework. With the help of ongoing threat hunt, continuous monitoring, and quick incident reactions, hackers are always a step or two behind a firm that uses MDR services.

With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security was catapulted to priority number one in the AI community today. According to multiple reports, OpenAI and Microsoft have been investigating whether DeepSeek improperly used OpenAI’s API to train its own AI models.

As adults, we rarely question the safety of the medicine we consume. This confidence stems from knowing that these products undergo rigorous, independent testing before reaching pharmacy shelves. Security solutions, especially those critical to enterprise operations, deserve the same level of scrutiny. Before trusting a platform to safeguard our data and systems, it’s essential to verify that it can counter the sophisticated threats we face today.

The latest ransomware players and tactics, new insights on stolen passwords, and two attacks involving O365.

In today’s threat landscape, you’re at risk if you don’t have all your identities—human and machine—secured with the right level of intelligent privilege controls. And the risk is even more significant when identities and privileges on your mission-critical Linux servers, especially those that run critical workloads or have sensitive data, are managed in silos, separately from the rest of the infrastructure.

As browsers increasingly become users' primary operating systems for accessing analytics, financial, and other sensitive data, their security requirements are evolving. While browser developers invest significant resources in secure development, one vulnerability remains difficult to address: browser extensions. Browser companies must maintain extension flexibility to allow users to customize their web browsing experience.