Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog post updated for clarity. In late September 2025, several European airports reported significant delays and flight cancellations due to disruptions with their check-in and passenger systems. As a global leader in aviation technology and the backbone of passenger travel, protection of systems and customer operations is paramount for Collins Aerospace. Nonetheless, the vendor of the vMUSE check-in system had been hit by a ransomware attack.

Cybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users. Attackers frequently exploit high-profile events to carry out social engineering attacks while people are confused or stressed, as these users are more likely to act without careful consideration.

In the high-stakes world of financial services, trust is the cornerstone of every client relationship. But here's the challenge that keeps financial leaders up at night: how do you maintain the stringent security clients demand while delivering the rapid response they expect? It's a delicate balancing act that has become increasingly complex in our digital-first world. The reality is stark. A data breach can trigger a mass exodus, with 33% of clients saying they'd switch providers after a data incident.

Threat actors are abusing X’s generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by tricking Grok into thinking it’s answering a question, and providing a link in its answer. “In this attack campaign, threat actors circumvent X’s ban on links in promoted posts (designed to fight malvertising) by running video card posts featuring clickbait videos,” ESET says.

Ransomware is the gift that keeps on giving… and taking. I’ve been tracking ransomware for almost nine years now, and I’ve seen it progress from simple and annoying malware to an organization-ending threat for many. I’m not big on pushing FUD (Fear, Uncertainty and Doubt), so when I say that it is one of the biggest cyberthreats to organizations in the small and medium-sized business space, I am not exaggerating.

A new survey found that 50% of UK residents aged 16 to 34 cite deepfake nudes as their top worry related to AI technology, SecurityBrief reports. The survey, published by VerifyLabs, found that 35% of Brits across all age groups said sexualized deepfakes of themselves or their children were their top concern. “The study indicated that more than one in three respondents (36%) are also worried about the impact deepfakes could have on their family and friends,” SecurityBrief writes.

Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA). “With regards to the primary method for initial intrusion, phishing (including vishing, malspam and malvertising) is identified as the leading vector, accounting for about 60% of observed cases,” the agency says.

The financial services industry operates in one of the most heavily regulated environments in the business world. With sensitive client data flowing through every transaction and communication, financial institutions face an increasingly complex web of compliance requirements that can make or break their operations. Traditional approaches to data governance simply aren't cutting it anymore. The Perfect Storm of Regulatory Challenges.

Google’s Mandiant has published guidance on defending against an ongoing wave of social engineering attacks targeting organizations’ Salesforce instances. The organized criminal gang tracked by Google as “UNC6040” has been using voice phishing attacks to trick employees into granting access.

I have been writing about the need to better train our programmers in secure coding practices for decades, most recently here and here. At least a third of data compromises involved exploited software and firmware vulnerabilities and we are on our way to having over 47,000 separate, publicly known vulnerabilities this year. There are at least 130 new vulnerabilities learned and publicly reported every day, day after day. That is a lot of exploitation. That is a lot of patching.