Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s world, cyberthreats are so prevalent that they expose both public and private organizations to data breaches. A single account with excessive privileges is enough for a hacker to infiltrate the entire organization. To protect your organization from such incidents, you can delegate permissions to users based on their roles and responsibilities. This is where role-based access control (RBAC) comes in.

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we’ll explore a few ways to identify dark data and mitigate the risks it poses. Dark data is a threat to organizations. Despite efforts to prevent it, dark data inevitably makes its way into systems and is often left unaddressed.

Which approach provides superior cybersecurity: a single-vendor platform portfolio or a multivendor best-of-breed ecosystem? Superficially, single-vendor platforms seem to have various advantages: But take a closer look, and glaring gaps appear. Multiple, headline-grabbing security incidents have involved large platform players, and if you’re a seasoned cybersecurity leader, you should consider the risks associated with putting all your eggs in one basket.

Are your employees accessing restricted websites during work hours? Unrestricted web access on company devices can lead to decreased productivity and increased security risks. For businesses, controlling online activity on work-issued Android phones and tablets is essential to maintaining a secure and focused work environment.

The recent UK Home Office proposal designed to hinder and disrupt ransomware operations through several proposed measures, including a targeted ban on ransomware payments, has again brought this question into the public square. The question of whether to pay a ransom demand is a decades-long argument with ardent opinions on both sides.

The top cyber threats facing the manufacturing industry are ransomware, supply chain attacks, insider threats, phishing and social engineering attacks. In 2023, the manufacturing sector accounted for 25% of all cyber attacks, making it the most targeted industry. As the manufacturing industry increasingly relies on the Internet of Things (IoT) to improve efficiency and productivity, addressing security risks has become essential.

In a recent discovery, our research team uncovered a fake VS-code extension—truffelvscode—typosquatting the popular truffle for VS-code extension. This extension serves as a trojan horse for multi-stage malware. This blog takes a closer look at how the malicious extension operates, its obfuscation techniques, and IOCs related to this incident.

Published first as a whitepaper in late 2024, the 2025 OWASP Top 10 for LLM Applications is yet another monumental effort from OWASP made possible by a large number of experts in the fields of AI, cybersecurity, cloud technology, and beyond—including Mend.io Head of AI Bar-El Tayouri. LLMs are still new to the market but beginning to mature, and the OWASP Top 10 for LLM Applications is maturing alongside it.

Creating an enterprise security-first culture is one of the most impactful things a CISO can do to protect their organization. Sure, high-tech solutions and fancy tools are important, but they are largely ineffective when staff are unable or unwilling to play their part in preventing, identifying, and reporting security incidents. However, in the quest to develop a positive cybersecurity culture, many Chief Information Security Officers (CISOs) inadvertently create a toxic environment.