Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AI is moving through enterprises faster than security teams can track. Over the past year, AI privacy incidents have risen 56%, and most of those stem from tools security never knew were in use. 84% of SaaS tools are purchased outside IT, and 62% of CISOs say fewer than a quarter of AI tools in use have been approved through procurement. That means sensitive, regulated, or confidential data is often flowing to AI services invisibly, sometimes across borders, without governance or guardrails.

While financial institutions enjoy many benefits from cooperating with third-party service providers, this cooperation also raises significant concerns regarding the security of the data and resources these vendors have access to. In this article, we discuss why financial institutions hire independent contractors and what cybersecurity risks this cooperation entails. We also explore how building a third-party vendor risk management program can help you mitigate these risks.

In its 2025 State of the Underground report, Bitsight TRACE identified the manufacturing sector as the most targeted industry for the third consecutive year, accounting for 22% of the 4,853 cyberattacks where sector attribution was possible. Manufacturing is the backbone of global supply chains, and when a cyberattack halts operations, even just briefly, the ripple effects can be enormous. Production delays, missed shipments, and service disruptions quickly cascade across industries.

The current trends in healthcare technology adoption present an interesting dynamic. Healthcare systems globally have been and continue to experience rapid digital transformation to the point where we now see increasingly embracing AI, internet-connected medical devices and telehealth solutions. Trustwave SpiderLabs captured what is taking place in its recent report Cybersecurity Challenges for Healthcare in 2025.

Summertime in the U.S., Europe, and many other regions typically falls between June and September. Tech teams, admins, and even their bosses take vacations. Inboxes slow down, and production systems finally get a breather. But for the threat actors behind Oyster, while others were reaching for sunscreen or enjoying real sea fishing, they launched their own phishing campaign using something far more effective than email and sharpened their hook.

Oracle Kubernetes Engine backup requires a solid strategy that covers both applications and infrastructure. Oracle OKE handles orchestration well, but data protection remains your responsibility. A cluster failure or misconfigured setting can wipe out critical data and cause hours of downtime. This guide shows you how to build effective backup systems for your OKE environments.

In early August 2025 a new Telegram channel emerged presenting itself as an amalgam of three well-known cybercriminal labels Scattered Spider, ShinyHunters and LAPSUS$. Within 24 hours the channel published a steady stream of claims, partial data dumps and screenshots tied to a wide range of incidents, including retail and luxury brands, government entities, and cloud-platform related breaches. The channel’s activity revived public attention on several overlapping trends.

Many cybersecurity teams today suffer from what experts call the execution gap—a disconnect between gathering intelligence and taking timely, effective action. Instead of empowering action, disconnected dashboards and alert overload often leave teams overwhelmed. To close this gap, industry must evolve from generating alerts to enabling decisions. The execution gap refers to the struggle teams face in turning overwhelming visibility and data into structured, prioritized response.

Once the frontier of innovation, the cloud has become the battleground of operational discipline. As cloud complexity rises, the most common and costly security threats aren't advanced nation-state attacks. They're internal errors. According to the CSA's Top Threats to Cloud Computing Deep Dive 2025, more than half of reported cloud breaches stemmed from preventable issues like misconfigurations, IAM failures, and operational oversights. These are self-inflicted and are happening with alarming frequency.

Australia’s updated Protective Security Policy Framework (PSPF) now mandates the adoption of Zero Trust principles. Australia’s Protective Security Policy Framework (PSPF) Annual Release 2025 now formally mandates the adoption of zero trust principles to improve cybersecurity posture. Government organisations must now align their cybersecurity strategies with the Information Security Manual and the Guiding Principles to Embed a Zero Trust Culture.