Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

AI is going to allow better, faster, and more pervasive attacks. For a few years, if you attended one of my presentations involving AI, I would tell you all about AI and AI threats…perhaps even scare you a bit…and then tell you this, “AI attacks are coming, but how you are likely to be attacked this year doesn’t involve AI. It will be the same old attacks that have worked for decades.” I always got lots of comforted smiles from those ending lines. But this year is different.

The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports. The group spent the past several months targeting companies in the retail and insurance sectors, and has now hit several airlines. Scattered Spider uses social engineering attacks to gain initial access, then steals data and/or deploys ransomware to extort their victims.

Employees are expected to behave securely, and the definition of “securely” is often written down in a myriad of security policies. Yet, people do not always comply with security policies or make use of available tools. Gartner documents in their research that 69% of all employees intentionally bypass cybersecurity guidance, and 93% behave consciously and deliberately insecurely when they have to. Is Non-Compliance a Question of Motivation?

Author: Bex Bailey Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide. In fact, Forrester reveals that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of US$2.8 million against the global mean of US$2.7 million.

A new survey has found that 64% of C-Suite executives in cybersecurity or data center roles view data breaches and ransomware attacks as the top threat to companies over the next decade.

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — it’s human. Employees routinely fall for phishing scams, mishandle sensitive data or unintentionally violate security policies. While most people don’t mean to cause harm, their behavior still introduces significant cyber risk to the organization.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly. The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.