Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ever since Microsoft’s initial announcement on February 13, 2025, about a Russian nation-state phishing campaign using "device code phishing," many people have been wondering what it is. This post will tell you what device code phishing is and how to defend against it. Here are some other related reports involving the recently reported device code phishing attacks.

Scammers are exploiting the death of Pope Francis to launch social engineering attacks, according to researchers at Check Point. The researchers note that threat actors often take advantage of high-profile tragedies and crises to exploit victims’ emotions. “They typically begin with disinformation campaigns on social media platforms like Instagram, TikTok, or Facebook, uploading fake images generated by AI,” the researchers write.

Black Friday is retail’s biggest moment—and retail IT’s biggest challenge. Spikes in traffic, strained systems, and the constant fear of outages turn what should be a commercial win into an operational war room. For many retailers, it’s a time of sleepless nights, emergency vendor calls, and systems pushed to their breaking point. But it doesn’t have to be this way.

With the pace of growth in financial services accelerating, fintech is, in real terms, the new normal, not the new disruptor. Cloud technology has fueled this revolution, equipping companies with tools that can be scaled quickly in response to customer demands and market needs, and enabling cost savings that can be passed on to these customers.

Security testing hasn’t just fallen behind—it’s playing the wrong game in a world where product teams ship updates like software streams, testing once a year is akin to locking the doors after the party has ended. It’s not just late; it’s irrelevant. Most orgs still treat pentests like performance reviews: formal, infrequent, and disconnected from the day-to-day reality. But risk doesn’t work on an annual schedule.

APIs (Application Programming Interfaces) are the invisible backbone of everything from mobile banking to cryptocurrency exchanges. These powerful interfaces enable transactions to become frictionless, allowing data to be shared in real-time and services to be integrated in new ways across platforms, thereby transforming the way financial services operate and delivering customer value. But that very interconnectedness that drives innovation also creates new points of risk.

We admit it – we’ve had our heads in the clouds recently. Since we started working with Wiz as one of their integration partners, we’ve been spending even more time thinking about cloud assets. And these assets are everywhere! Gartner predicts double digit growth across all cloud segments in 2025.

Raising the bar for cybersecurity can’t happen in silos. Resilience comes from shared knowledge, mutual support, and proactive partnerships — between public and private sectors, large enterprises and small businesses, academia and industry. In this respect, joining the SOC4SME program to offer free services is not just a gesture — we’re doing it because we believe cybersecurity is a shared responsibility.