Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Last year, nearly 60% of cyber compromises were directly attributable to unpatched vulnerabilities – flaws that organizations knew about but hadn’t remediated in time. The problem with traditional vulnerability management (VM) approaches is they treat every finding equally, leaving security teams drowning in noise and fighting to sort serious risks from low-level tasks. This is where Risk-Based Vulnerability Management (RVBM) comes in.

The Cybersecurity Maturity Model Certification (CMMC) program went live on Oct 15th, 2024 with the publication of the 32 CFR Part 170, “Final Rule”. CMMC is the framework designed by the Department of Defense (DoD) to enforce the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) shared with government contractors, subcontractors and suppliers across the defense industrial base.

The decision to buy a Security Information and Event Management (SIEM) product or outsource to a Managed Detection and Response (MDR) depends on a number of factors, including the size of your organization, the complexity of your IT infrastructure, and your overall security needs. Before we get into the main discussion, let’s step back and define what we are talking about so everyone is on the same page.

Seeking a FedRAMP authority to operate is a critical part of any cloud service looking to work with the government in an official capacity. It’s required if you are going to handle controlled unclassified information on behalf of the government or its contractors, and since the requirements trickle down, you don’t even necessarily have to be part of the government’s prime contractors to need your ATO.

APIs are the connective tissue of the digital economy, silently enabling transactions, data exchanges, and automation across industries. Yet, as businesses rush to integrate APIs into every aspect of their operations, they often overlook a significant reality: APIs are rapidly becoming the most targeted attack vector in cybersecurity.

Weak employee passwords create significant security risks. According to Keeper Security’s Password Management Report, 34% of users reuse variations of strong passwords, which leaves systems vulnerable. Employees who reuse strong passwords – even with slight modifications – can jeopardize the security of sensitive data. To reduce risk, employees should develop smart habits to improve their password hygiene and minimize human error.

When it comes to the stress of dealing with eCommerce scams, digital business teams don’t need reminding. But the current and projected cost of eCommerce fraud is truly staggering. A study by Juniper Research, a leader in fintech insights, forecasts that eCommerce fraud is set to leap from $44.3 billion in 2024 to $107 billion by 2029. That’s stomach-churning 141% jump. Needless to say, eCommerce fraud prevention has never been a more pressing goal.

The traditional approach to managing security operations centers (SOCs) is straining the mental and physical reserves of even the most skilled security analysts—while also failing to provide the protection organizations need against today’s threats. Analysts are left to respond to a never-ending stream of alerts, resulting in an overwhelming, reactive cycle that stifles proactive investigation and threat hunting.

This year at Stablecon 2025, I had the privilege of delivering the opening keynote on behalf of Fireblocks. We supported the inaugural event as title sponsor because we believe stablecoins are reaching a pivotal moment—and this gathering marked an important step toward shaping the conversations that will define the space. For us, it was also a moment to take stock of how far the ecosystem has come—and the role Fireblocks continues to play at the center of it.

How would you like to earn yourself millions of dollars? Well, it may just be possible - if you have information which could help expose the identities of cybercriminals involved with the notorious RedLine information-stealing malware. The US Department of State is offering up to US$10 million for information about the government-backed hackers believed to be behind RedLine malware attacks, which have included US critical infrastructure among their targets.