Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We are excited to announce the launch of Seal OS, the first holistic solution designed to automatically fix vulnerabilities in both Linux operating systems and application code. Seal OS delivers long-term support for a wide range of Linux distributions, encompassing Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Alpine, and more. This support extends to various deployment models, including containers, virtual machines, and bare metal installations.

Managing iOS apps across multiple devices can be complex and time-consuming. Are you struggling with app deployment, security, and updates? In this blog, we will break down the must-have MDM features for iOS application management. By the end, you will have a clear roadmap for securing and streamlining OS devices for your business.

Threat-led penetration testing brings together specialist offensive (red team) security skills and threat intelligence to enable businesses to proactively test and identify any weaknesses, deficiencies or gaps in their controls and counteractive measures that could be exploited by threat actors. In this article, we set out what threat-led pen testing is, how it relates to the Digital Operational Resilience Act (DORA) and the testing requirements included as part of the new EU regulation.

In the first part of Trustwave SpiderLabs’ Russia-Ukraine war blog series, we gave a brief look at our major findings as well as the main differences between how Russia and Ukraine wage attacks in the digital frontlines. In this part of our series, we shed light on how both countries target government entities, defense organizations, and even human targets as part of their overall strategy to win the war.

The European Union (EU) Network and Information Security Directive 2 (NIS2) introduces stricter cybersecurity requirements than its predecessor, the original NIS Directive. With the compliance deadline fast approaching, in-scope organizations must take proactive steps to ensure they have enacted NIS2 requirements, thereby strengthening their security posture.

Cybersecurity automation has followed a path familiar to many emerging technologies: a cycle of inflated expectations, hard realities, and eventual refinement. Gartner’s “hype cycle” provides a useful framework for understanding this journey—initial enthusiasm and lofty expectations give way to challenges and disillusionment before practical, high-value use cases emerge.

System downtime from faulty software updates can cost businesses huge money losses every second. This reality shows why up-to-the-minute data analysis has become a vital part of modern enterprises. Companies now deal with endless data streams from countless transactions. Knowing how to spot unusual patterns right away could make all the difference between grabbing opportunities and facing harsh setbacks.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of late February 2025, Cyjax has identified DLSs for six new groups in 2025, as noted in recent blogs on extortion groups Kraken, Morpheus, GD LockerSec, Babuk2, and Linkc. The latest DLS which Cyjax has identified is named Anubis. This Ransomware-as-a-Service (RaaS) group appears to be sophisticated and professional, providing services including affiliates, data ransoms, and access monetisation.

Artificial Intelligence (AI) is a double-edged sword in cybersecurity, empowering both defenders and attackers. AI-driven security systems are often used to detect threats in real-time, analysing large datasets for anomalies, and automating responses to cyberattacks. However, cybercriminals are also leveraging AI to create advanced malware, automate phishing attacks, and evade traditional defenses.