Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ever wonder why you see ads for stuff you talked about, but never searched? Learn what’s happening. If you've ever mentioned something in passing and then seen an ad for it shortly after, you're not imagining things. Learn how ads can sometimes follow you from real life to your screen, and how secure browsers with built-in ad blockers can help you take back control of what you see online. Many people have had the experience of mentioning something casually and then seeing ads for it later.

Security doesn’t stop at the perimeter. The “inside” of your network often harbors many overlooked risks. To address this, ealier this year we launched Detectify Internal Scanning, designed to bring our world-class vulnerability research directly into your private ecosystems.

A new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and living-off-the-land techniques,” Microsoft says.

Scams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders. On March 31, 2026, malicious hackers hijacked the development account of a lead maintainer of a popular open source product called Axios used by many companies. It has over 100 million downloads a week. Note: The Axios involved here is not Axios, the news media company.

There’s never a good time to disclose a breach, but days before your IPO has to rank near the bottom of the list. That was the backdrop to the Vercel breach. On Sunday the 19th, the company confirmed that attackers had walked into parts of its internal environment and walked back out with customer API keys. Early reporting focused on the flashy parts: an attacker claiming ties to ShinyHunters, a $2 million BreachForums demand, crypto teams rotating credentials with the IPO roadshow in full swing.

As the volume of software supply chain attacks continues to grow, organizations must increase controls over how they sign, store, and release code. DigiCert has launched two cloud-based solutions that help organizations both protect their private keys and improve the efficiency of their code signing operations: DigiCert KeyLocker and DigiCert Software Trust Manager.