Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The U.S. Department of Health and Human Services (HHS) has shared new guidance on HIPAA. This guidance focuses on using tracking technologies on public healthcare pages. This updated directive directly impacts healthcare organizations utilizing tools like Meta Pixel, Google Analytics, or session replay scripts. While these are effective for understanding user engagement, they may inadvertently collect PHI—protected health information—if configured improperly.

Encryption has become a vital data protection tool used by global governments, defense and enterprises. However, not all solutions use the same cipher techniques. Several encryption algorithms can be used to secure data with varying levels of security. To establish acceptable standards for encryption technologies utilized by the U.S. Government, the National Institute of Standards and Technology (NIST) published the Federal Information Processing Standards (FIPS) FIPS-140.

A list of 18 procedures (reduced from 20), or “controls,” recommended by the Center for Internet Security (CIS), must be followed to build an IT infrastructure resistant to cyberattacks. The CIS 4th Control advises to establish and maintain a secure configuration process for enterprise assets (end-user devices, including portable and mobile; non-computing/IoT devices; and servers) and software (operating systems and applications) (4.1).

Learn how Atlassians FedRAMP Moderate authorization improves cloud security for U.S. government agencies, enabling secure collaboration with tools like Jira and Confluence.

Security teams now handle up to two million alerts daily, and the time it takes to resolve threats—MTTR—can directly affect business resilience. Cloud-based Extended Detection and Response (XDR) systems address these challenges by streamlining the entire process—from detection to automated remediation. By harnessing cloud-native architectures and response automation, organizations can detect threats faster and cut resolution times significantly.

Threat actors who rely on email phishing scams as their primary method of gaining initial entry use a wide variety of social engineering lures to trick their victims. Trustwave SpiderLabs recently released the report Manufacturing Sector Deep Dive: Methods of Targeting and Breaching, which specifically calls out many noteworthy campaigns and methodologies used by the top-tier threat groups.

These days, securing sensitive data begins with a single word (or, ideally, a few): passwords. In the face of rising cyber threats, the importance of creating, using, and managing secure passwords cannot be overstated. That’s why, each year, the world sets aside the first Thursday in May to recognize World Password Day—an event dedicated to promoting the criticality of password hygiene in both our personal and professional lives.

Organizations operating in today's rapidly changing digital age face mounting threats to the level of security. Deployment of conventional methods to vulnerability management by periodic scans and blanket scoring will no longer be adequate. Instead, strategy should shift direction toward risk-based vulnerability management towards protection of digital assets.

In the vast landscape of cybersecurity, it’s often not the zero-click iPhone exploits or flashy ransomware variants that expose the most users — sometimes it’s the tools we’ve trusted for decades. One such example is CVE-2025-33028, a vulnerability in WinZip, a program that’s been a staple in personal and corporate environments for over 30 years.