Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A KnowBe4 Threat Lab publication Authors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary Attackers exploit redirects that lack safeguarding mechanisms to borrow the domain reputation of the redirect service, obfuscate the actual destination and exploit trust in known sources. Whitelisting URLs, only allowing a predefined set of URLs to be rewritten, is an effective countermeasures against the vulnerability on the server side.

The rise of agentic AI tools will transform the cybercrime landscape, according to a new report from Malwarebytes. Agentic AI—which is still under development—is a step above the generative AI tools that are currently available to the public, and will likely be widely released in 2025. While these tools will have many legitimate uses, they’ll also enable cybercriminals to scale their attacks.

Together, Snyk and Google Cloud enable modern security practices that unify cloud and application security efforts. This collaboration simplifies risk management for CISOs, providing a cohesive strategy to protect cloud-native environments and the applications running within them. Security leaders often struggle with fragmented tools that create silos between cloud security and application security teams.

The question of ownership is one of the biggest reasons vulnerabilities persist in organizations far longer than they should. Who owns vulnerabilities? This isn’t just a theoretical debate—it’s a critical operational issue. Modern scanning solutions excel at identifying and prioritizing vulnerabilities, but without clear ownership, those vulnerabilities often linger unaddressed or improperly documented, increasing an organization’s risk exposure.

WatchGuard Technologies, a leading provider of unified cybersecurity solutions, today revealed its participation in the Amazon Web Services (AWS) Independent Software Vendor (ISV) Accelerate Program. This co-sell initiative connects AWS Partners offering software solutions that operate on or integrate with AWS, helping them drive new business by directly linking ISVs with the AWS Sales team.

Region: European Union (Global impact for companies handling EU residents' data) Scope: Data privacy, security, and governance The GDPR sets the gold standard for data protection, demanding comprehensive compliance across a spectrum of activities. Organizations must ensure lawful data processing, gain explicit consent, enable data portability, and implement measures like data protection by design and default.

As the Kubernetes landscape continues to evolve, there is often the need to adapt to newer, more robust distributions. SUSE has announced the end of life of RKE (Rancher Kubernetes Engine) in favor of RKE2, a Kubernetes distribution designed with enhanced security, resilience, and scalability. For organizations running workloads on RKE, this shift marks an important milestone—but it also raises questions about how to migrate workloads safely and efficiently.

Artificial Intelligence (AI) has been a game-changer in industries that have further churned into process efficiency and revolutionized cybersecurity. On the flip side, its potential has been weaponized by threat actors. Google's Threat Intelligence Group (GTIG) recently came out with reports which showed that state-sponsored hackers are actively exploiting Google's AI-powered Gemini assistant to strengthen their cyberattacks.

Today's transforming cyber threat landscape is an age of major malice regarding malware. Lumma Stealer remains one of the most fascinating malicious pieces out here. The aim of this blog is to tell you about all recent activities regarding this malware within the year 2025. Thereby, focusing on some practical real-based scenarios, where incidents have unfolded using this malware as a sample analysis, with line-by-line analysis of malware along with dissected code infection patterns.

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.