Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From Human Resources to Human Risk: Why HR is the Perfect Department for Cybercriminals to Impersonate

We all trust HR - or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025. Out of the top 10 templates people interacted with between May 1 - June 30, 2025, an incredible 98.4% had subject lines relating to internal topics - with HR mentioned in 45.2%.

That 'Urgent Payroll Update' Email is a Trap: A Look at the Latest HR Phishing Tactics

Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed a 120% surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in February. (FYI: in our previous post, we explored the psychology that makes these attacks so effective.)

NATO's Cybersecurity Spending Proposals' Impact on the Industry

NATO has fundamentally redefined what it means to defend the alliance. At the 2025 NATO Summit in The Hague, allies committed to investing 5% of Gross Domestic Product (GDP) annually in core defense requirements and defense- and security-related spending by 2035. This represents a dramatic escalation from the previous 2% GDP benchmark. The commitment also includes a condition about how they are to invest that money.

How to Convert a Physical Linux Server to a VMware VM: Comprehensive Walkthrough

Running servers on virtual machines provides advantages such as scalability, efficient resource usage, high availability, load balancing, convenient management, and data protection features. For this reason, you may want to migrate some of your physical servers to virtual machines. This process is also known as physical-to-virtual conversion, abbreviated P2V.

Prioritize with Snyk's Open Source Vulnerability Experience

Prioritizing which vulnerabilities to fix across your application isn't always easy. Is it exploitable? Is it reachable? Will the update introduce breaking changes? Are there any other teams using this library that you should be aware of? What does the backlog look like if other changes need to be made? And that's just this week. Next week, it'll be the same thing all over again, with new discoveries, new version releases, and maybe even a new cybersecurity breach.

A CISO's guide to post-quantum readiness: How to build crypto agility now

The quantum threat isn’t theoretical—it’s operational. Quantum computing is rapidly shifting from research to reality, forcing chief information security officers (CISOs) to rethink cryptography, risk management and long-term data protection. In a previous post, I explained the quantum challenge. Recently, we explored why quantum readiness is not optional. Now, it’s time for action.

Executive Deepfake Defense Strategies: 7 Proven Tactics to Stop CEO Fraud

Deepfake attacks targeting executives are no longer a sci-fi scenario—they’re a real, escalating threat. In 2024 alone, over 105,000 deepfake incidents were reported in the U.S., contributing to $200 million in financial losses in Q1 of 2025. Scammers deepfake voices and videos of CEOs or CFOs to coax employees into sending money or exposing sensitive data. The sophistication and accessibility of this technology demand layered defenses—both human-focused and tech-driven.

The New Frontier: Why You Can't Secure AI Without Securing APIs

The release of a new KuppingerCole Leadership Compass is always a significant event for the cybersecurity industry, offering a vendor-neutral view of the market's current state. The 2025 edition, focusing on API Security and Management, is critical as it arrives at a pivotal moment for technology. It clearly presents a fact many organizations are just beginning to understand: the crucial connection between the rise of Artificial Intelligence and the necessity for robust API security.

10 Critical Capabilities of API Detection and Response

Web Application and API Protection (WAAP) solutions have become increasingly vital in today’s cybersecurity strategies, providing essential defenses against attacks targeting web applications and APIs. It’s no surprise that APIs are growing in popularity, with 80% of companies reporting that more than half of their applications depend on APIs—a figure projected to reach 88% within the next 24 months (ESG Research, 2025).

Beyond Legacy Pen Tests: What to Look for in a Modern Internal Security Validation Platform

If you’ve decided relying on annual penetration tests isn’t enough anymore (smart move), the next question is: “What’s the best way to continuously prove — and improve — our internal security posture?” There’s no shortage of platforms out there promising to be your automated red team, internal pentester, or attack-surface explorer. But dig deeper, and you’ll see not all of them are built the same.