Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA). “With regards to the primary method for initial intrusion, phishing (including vishing, malspam and malvertising) is identified as the leading vector, accounting for about 60% of observed cases,” the agency says.

I have been writing about the need to better train our programmers in secure coding practices for decades, most recently here and here. At least a third of data compromises involved exploited software and firmware vulnerabilities and we are on our way to having over 47,000 separate, publicly known vulnerabilities this year. There are at least 130 new vulnerabilities learned and publicly reported every day, day after day. That is a lot of exploitation. That is a lot of patching.

The financial services industry operates in one of the most heavily regulated environments in the business world. With sensitive client data flowing through every transaction and communication, financial institutions face an increasingly complex web of compliance requirements that can make or break their operations. Traditional approaches to data governance simply aren't cutting it anymore. The Perfect Storm of Regulatory Challenges.

Google’s Mandiant has published guidance on defending against an ongoing wave of social engineering attacks targeting organizations’ Salesforce instances. The organized criminal gang tracked by Google as “UNC6040” has been using voice phishing attacks to trick employees into granting access.

We’ve come a long way. We’ve deconstructed the problem, explored the complexity of humans, and laid out a strategic framework and a practical map—all of which can be explored in more detail in our Human Risk Management (HRM) whitepaper. Now for the final piece of the puzzle: the engine. A strategy this dynamic and personalised can't run on spreadsheets and manual effort alone. It needs to be powered by an intelligent, integrated platform.

Job-related scams surged by more than one thousand percent between May and July 2025, according to new research from McAfee. Job seekers are particularly vulnerable to scams, since they’re expecting to receive unsolicited messages and are more likely to overlook red flags. The researchers offer the following advice to help users avoid falling for these attacks: The researchers conclude that awareness is an essential layer of defense against social engineering attacks.

A new report warns of a significant spike in SMS phishing (smishing) scams targeting younger Americans between 18 and 29 years old. The report, released by Consumer Reports, Aspen Digital and the Global Cyber Alliance, also found that 30 percent of people who experienced a cyberattack or scam this year said it began over a text message or a messaging app, compared to 20 percent last year.

OpenAI, the people behind ChatGPT, have launched an updated AI video- and audio-generation system with fascinating, and terrifying, implications for the spread of deepfakes.