Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Advanced Banking Trojan Maverick Uses WhatsApp to Prey on Brazilian Users

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers recently analyzed attacks by an adversary targeting users based in Brazil via WhatsApp. The attack lures users into downloading a zip archive. The zip archive contains a shortcut file (.lnk), which ultimately downloads and executes a banking trojan that BlueVoyant researchers have internally dubbed Maverick, based on the naming convention used by the attackers.

Red Hat Targeted in Massive Data Leak After Scattered LAPSUS$ Hunters Joins Forces with Crimson Collective

Researchers at Foresiet are actively investigating a major data leak targeting Red Hat, following claims made by Scattered LAPSUS$ Hunters, who have reportedly joined forces with the Crimson Collective.

Iframe Payment Security Risks and PCI DSS 6.4.3 Best Practices

Many teams assume that embedding payment forms in an iframe keeps them compliant with PCI DSS 4.0.1, Requirement 6.4.3. The reasoning sounds logical – compliance seems guaranteed if card data never reaches your infrastructure. However, iframe payment security under PCI DSS 6.4.3 doesn’t work on assumptions; it works on control. The responsibility shifts to new layers of your website’s supply chain.

4 Common Myths About DevSecOps Debunked

DevSecOps is often discussed as the solution for integrating security into rapid development cycles. Yet, misconceptions about what it is and how it works can prevent teams from adopting it. As an engineering manager, you need to balance speed with quality, and introducing a new methodology can seem disruptive. The truth is, a well-implemented DevSecOps framework doesn’t create bottlenecks; it removes them. It empowers your team to build secure, high-quality software faster.

CloudCasa Simplifies File-Level Recovery for Virtual Machines in Kubernetes

As Kubernetes adoption accelerates, more organizations are running virtual machines (VMs) inside Kubernetes using platforms like OpenShift Virtualization, SUSE Virtualization, KubeVirt, Mirantis k0rdent Virtualization, and Spectro Cloud VMO. This hybrid approach consolidates container and VM workloads on a single infrastructure, improving flexibility—but it also introduces new challenges for backup and recovery.

Cybersecurity in Banking: Challenges in 2025 and How to Overcome Them

Banking executives managing $16 trillion across 1,040 federally supervised institutions wake up to a harsh reality every day. Cybersecurity in banking isn’t just another checkbox on their risk management list anymore; it’s become their biggest operational nightmare, affecting the entire financial services industry.

Microsoft and Dropbox password managers are sunsetting: What it means and what to do next

Your password manager might be closing up shop, putting your digital security at risk. In recent months, two major tech players – Dropbox and Microsoft – have discontinued their built-in password manager features. If you’ve been relying on Microsoft Authenticator or Dropbox Password, it’s now time to decide how you’ll protect your accounts going forward.

What is File Integrity Monitoring (FIM)? Importance and Best Practices

File Integrity Monitoring (FIM) is a process that provides security by monitoring and verifying changes made to critical files, directories, and system configurations in an IT environment. This is accomplished by taking the current state of files, operating system binaries, application files, configuration files, logs, or sensitive data, and comparing them against a known and trusted baseline.

Threat-Informed TPRM: A New Standard for Supply Chain Security

Third-party attacks have emerged as one of the most critical threats in the modern cyber landscape. Adversaries increasingly exploit vulnerabilities within external vendors, suppliers, contractors, and service providers to gain indirect access to target organizations, often with severe consequences. These breaches can lead to significant data loss, operational disruption, regulatory penalties, and reputational damage.