Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity incidents nearly tripled in the first half of 2025, jumping from 6% in the second half of 2024 to 17% in 2025, according to a new report from LevelBlue. Business email compromise (BEC) remains the most common method for initial access, but non-BEC tactics rose by 214%. The researchers observed a major surge in social engineering attacks, driven by the recent popularity of the ClickFix tactic.

In today's world, cyberattacks are a constant threat. While technical defenses are crucial, people often remain the easiest attack vector for cybercriminals. To gauge the resilience of French employees against cyberattacks, we looked at the impact of security awareness training (SAT) and phishing simulations in strengthening their defenses. Our latest report, "Go Phish: How Susceptible Are French Employees To Malicious Attacks?", aims to provide some insight.

Most MSPs think they’re ready. They have backups. Maybe cloud syncs. Some monitoring. No major restore incidents… yet. But here’s the reality: MSPs don’t lose clients over support delays or feature gaps. They lose them when recovery fails silently, unexpectedly, and publicly.

On August 5, 2025, Trend Micro released a short-term mitigation tool addressing two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Apex One. These flaws affect the on-premise Apex One Management Console and have been exploited in the wild. Both stem from a command injection issue that allows unauthenticated, remote threat actors to execute arbitrary code on vulnerable systems. While the vulnerabilities are similar, they differ based on the targeted CPU architectures.

Today, Snyk is launching a powerful enhancement to our API discovery capabilities through a strategic partnership with Akamai. This integration is designed to solve one of the most significant challenges in modern application security: the difficulty of providing API schemas for DAST scanning. By directly ingesting API inventories and their corresponding schemas from Akamai, we are transforming a difficult manual process into a seamless, automated workflow within the Snyk platform.

Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business.

What if I told you that compromised credentials still remain the number one avenue of initial access in all cyber security breaches? It’s no exaggeration — according to the Cisco Talos IR Trends report for Q1 2025, over half of all incidents reported involved the use of valid credentials. The 2025 Verizon Data Breach Investigations Report claims credential abuse accounted for 22% of all confirmed breaches.

Welcome, Chefs! Today we are excited to announce the release of The Threat Hunter’s Cookbook: a practitioner’s guide to learning, expanding, and applying your analysis repertoire for threat hunting. In this kitchen, our main ingredient is data!

The Trump administration is making good on its commitment to position the United States as the global hub for digital assets—starting with regulatory clarity. The White House Working Group’s latest report offers the clearest articulation yet of where U.S. policymakers are headed, coming right on the heels of the passage of GENIUS. What’s most notable? This isn’t abstract guidance or high-level principle-setting.

It’s difficult for organizations to stay secure, compliant, and efficient in an ever-expanding SaaS landscape. Every time an employee joins or leaves the company, or a software vendor is added or removed, IT and security teams must grant and revoke permissions, so the right people have access to the right tools. A mistake in this process could allow an offboarded employee to maintain access to sensitive data years after they left the company, so the stakes are high.