Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Payment Card Industry Data Security Standard (PCI DSS) is a global initiative that provides a consistent, baseline framework of security measures, facilitating their adoption and implementation. PCI DSS Requirement 2.2 states that System components are configured and managed securely. In this guide, we will provide the necessary background and context to understand and comply with Requirement 2.2.

In this article The hospital’s electronic health records system went dark at 2:47 AM on a Tuesday. By 6 AM, doctors were scrambling with paper charts while patients waited in emergency rooms across three facilities. The IT team had backup systems, sophisticated monitoring tools, and a disaster recovery plan that looked impressive on paper.

As we advance into 2025, data privacy continues to be a critical area of focus for organizations worldwide. The accelerating pace of technological innovation, coupled with heightened consumer awareness and stricter regulatory frameworks, demands that technology leaders prioritize data protection. This article explores key trends shaping the future of data privacy and offers actionable insights for navigating this complex landscape.

When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalization of corporate environments, user credentials have proliferated. In turn, credential theft has risen as a low-tech way for threat actors to gain easy access to target environments.

Trustwave SpiderLabs' upcoming report, the 2025 Trustwave Risk Radar Report: Technology Sector, will be released on June 25 and will delve into the threats in the technology industry and how to stay secure. The report, an update on the team’s 2024 Technology Threat Intelligence Briefing and Mitigation Strategies, provides a comprehensive analysis of novel cybercriminal tactics and techniques, identifying the top trends that significantly affect the technology industry.

Imagine for one moment that you are a cybercriminal. You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there's a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice? Well, if you are an affiliate of the Qilin ransomware group, you can simply hit the "Call Lawyer" button.

Mobile applications are at the heart of today’s digital experience, but with their convenience comes a growing landscape of security threats. For developers and security teams, simply building a functional app is no longer enough—protecting user data and business assets must be woven into every stage of the mobile app lifecycle. That’s where the OWASP Mobile Application Security Testing Guide (MASTG) steps in.

Alert fatigue is a common phenomenon in Security Operations Centers (SOCs). It’s the digital equivalent of crying wolf. As SOCs are flooded with a relentless stream of alerts—many of which are low priority or false positives—it becomes increasingly difficult to identify truly critical security threats. Analysts are stuck spending countless hours verifying, contextualizing, analyzing, and acting on information, often at the cost of missing out on critical alerts.

Around 16 billion login credentials have been leaked online, potentially affecting services like Apple, Google, Facebook, and more. Learn how to check if you’re impacted and discover practical steps to secure your accounts with tools like 1Password. Sixteen billion leaked login credentials. That’s the number of records security experts at Cybernews recently identified, making this one of the most significant credential leaks ever discovered.