Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Online fraud remains a significant and rapidly expanding threat in today's cyber threat landscape. According to the FTC, consumers in the U.S. lost a staggering $12.5 billion to fraud in 2024, a 25% surge from the previous year. The most commonly reported category? Imposter scams. This difficult-to-intercept form of fraud alone accounted for $2.95 billion of those losses.

Attackers have made a decisive switch toward stealthy, identity-centric attacks. Forget breaking in – modern cybercriminals simply log in. And that should be a concern. According to the IBM X-Force 2025 Threat Intelligence Index, nearly one-third of intrusions in 2024 were initiated not through sophisticated attacks, but through valid account exploitation.

The boy who cried wolf goes back to a fable where a shepherd boy mocked the other villagers by telling them that a wolf was attacking the flock. The villagers believed him at first, but he was just laughing with them. When the shepherd boy repeated his joke, villagers started to ignore him and at some point a real wolf comes and attacks the sheep. The boy ‘cried wolf’ but nobody believed him anymore.

The summer travel season is almost here, and travelers worldwide are in the process of booking their holidays, thus placing some of their most vital personal and financial information into the hands of the hospitality industry. A fact not lost to threat actors who thrive on gaining access and stealing this data.

Marbled Dust exploits a zero-day vulnerability in Output Messenger, a sophisticated phishing campaign uses Horabot malware, and TA406 shifts its targeting behavior.

AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts of data and plays an increasingly important role in operations; should cybercriminals abuse it, the consequences can be dire.

Modern application environments are increasingly complex, combining containers, microservices, CI/CD pipelines, and ephemeral compute. While Static Application Security Testing (SAST) and Software Composition Analysis (SCA) can uncover vulnerabilities during build time, they often leave a critical gap: runtime security flaw detection and determining whether a detected flaw is actually exploitable and running in production.

By integrating Cisco’s Firepower Threat Defense (FTD) with Splunk’s analytics platform, your security team immediately gains comprehensive, organization-wide visibility into network threats far beyond what any single firewall can detect alone. Yet, despite the critical need to bridge network and security data, many organizations still deploy perimeter defenses like Cisco's FTD but struggle to convert its rich telemetry into actionable insights useful to a SOC.

Modern cloud ecosystems often place a single identity provider in charge of handling logins and tokens for a wide range of customers. This approach certainly streamlines single sign-on (SSO) for end users, but it also places enormous trust in a single set of signing keys. If those private keys are compromised, attackers can create tokens that appear valid to any service that relies on them.

When developing a web application, dev teams can choose from two fundamental design patterns: Single-Page Applications (SPAs) or traditional Multi-Page Applications (MPAs). Deciding which one to use can depend on multiple factors, but more and more companies are developing SPAs since they can provide a smoother user experience (UX), which, in turn, might just result in better user adoption.