Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Domain-name system (DNS)- based cyber attacks are becoming increasingly complex, and AI will only make managing them even more challenging. According to a recent report, Chief Information Security Officers (CISOs) anticipate a tumultuous season of cyber threats, with low confidence in their abilities to defend against them effectively.

Trustwave SpiderLabs' upcoming report, the 2025 Trustwave Risk Radar Report: Technology Sector, will be released on June 25 and will delve into the threats in the technology industry and how to stay secure. The report, an update on the team’s 2024 Technology Threat Intelligence Briefing and Mitigation Strategies, provides a comprehensive analysis of novel cybercriminal tactics and techniques, identifying the top trends that significantly affect the technology industry.

The cybersecurity landscape has reached a turning point. In this article, George Patsis, CEO of Obrela, challenges the traditional, tool-centric approach to cyber defense and goes through Obrela’s ground breaking approach to: real-time risk management. With cyber threats growing more complex and unpredictable, organizations must shift from reactive threat detection to a context-aware, business-aligned risk management.

Your IT department just sent out its annual reminder to complete security awareness training. Employees dutifully clicked through their training modules, passed a short quiz, and checked off the compliance box for another year. Ask yourself, does this process really give you confidence that your organization is prepared to dispel today’s security threats? Well, the odds aren’t in your favor.

I hear a lot these days about SBOMs and how they are going to be the key to supply chain security accountability, to even include a Presidential Executive Order mandating SBOMs in the procurement process for federal agencies. There are multiple areas of research going on in this area, such as this Academic SBOM Repository. But before we get too far down the road, let’s get one thing straight: SBOM isn’t going to save us. It’s a transparency tool, not a solution.

A staggering 74% of cybersecurity incidents originate from within, and when looking at insider risk, 82% of incidents result from unintentional actions by well-meaning employees. More people are working from home, bringing their own devices, and connecting globally, which is widening the threat landscape. Attackers are more advanced, as they utilize AI and other technology to make their phishing and hacking attempts more sophisticated.

The rise of generative AI has fundamentally changed how we work, create, and collaborate. But as organizations rush to integrate AI tools into their workflows, they're inadvertently creating entirely new categories of data risk that traditional security measures weren't designed to handle.

Cybersecurity weaknesses span both software and hardware systems, creating numerous opportunities for exploitation. Among the most common access vectors leveraged by threat actors are phishing attacks and Common Vulnerabilities and Exposures (CVEs). When left unpatched, CVEs can pose significant risks to an organization’s systems, exposing sensitive data and operational assets to potential compromise.

The speakers at ShowMeCon 2025 explored why policy isn't protection without validation. AI, identity, and threat detection must align to reduce operational risk.

For the second time in a row, Bitsight has been named an Overall Leader in the KuppingerCole Leadership Compass for Attack Surface Management (ASM)—and it’s not just a title. The report offers a deep dive into how organizations are using ASM to get ahead of cyber threats by proactively managing their digital risk.