Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For decades, penetration testing has been the gold seal of cybersecurity. Auditors love them. Insurance brokers demand them. Your board sees them and believes the “secure” box for your company has been sufficiently checked. And to be clear: manual pen tests have an important place. For compliance mandates, regulatory filings, or mission-critical systems, there’s no substitute for a skilled third-party team that probes your environment.

Over the last two years, various systems and applications have been integrated with generative artificial intelligence (gen AI) capabilities, turning regular applications into gen-AI powered applications. In addition, retrieval augmented generation (RAG)-which is the process of connecting gen-AI and large language models (LLMs) to external knowledge sources-and other agents have been incorporated into such systems, making them more effective, accurate, and updated.

As cyber threats grow in complexity and financial systems become increasingly reliant on interconnected digital infrastructure, the European Union’s Digital Operational Resilience Act (DORA) is redefining the technical and governance requirements for how financial entities and their Information and Communication Technology (ICT) service providers manage, withstand, and recover from operational disruptions.

A newly disclosed zero-day vulnerability in Microsoft SharePoint Server — CVE-2025-53770 — is currently being exploited in the wild and poses a critical threat to organizations running on-premises SharePoint instances.

Authors: Tova Dvorin, Senior Product Marketing Manager | Adrian Culley, Senior Sales Engineer You’ve implemented Zero Trust. You’ve rolled out segmentation, multi-factor authentication (MFA), and policy enforcement. Your dashboards are full. But when the Board asks: —you hesitate. You’re not alone.

The physical conflict involving Iran that has played out in the Middle East over the last several days is expected to increasingly spill over into the cyber realm. According to the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA), and other cybersecurity experts, organizations in the US should begin preparing for increased cyber attacks from pro-Irianian hacktivists and Iranian government-affiliated actors in the coming days and weeks.

Japan is the latest country to shift from a reactive to a proactive cybersecurity stance, with its landmark Active Cyber Defense Law. The new regulations passed in May 2025 and are set to take full effect by 2027. For cybersecurity leaders, particularly those in critical infrastructure and the enterprise sector, this legislation marks a turning point—and carries major implications about how we test, validate, and evolve our cyber defenses.

Defined by Gartner as the next evolution of breach and attack simulation (BAS), adversarial exposure validation (AEV) is a security solution that continuously assesses how well security controls prevent, detect, and respond to real-world adversarial behaviors—across multiple environments and the entire attack lifecycle.

On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf, this cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.

Authors: Or Yair, Security Research Team Lead Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version.