“If you want to keep [those department heads], think like a founder, not a function. Give them ownership, not just oversight. People stay when they’re building something that matters, not just protecting something that might break,” said de Silva, who until… Read More "53% of cyber department leaders eyeing the exit"
Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential victim is distracted by the possibility of getting a… Read More "DeceptiveDevelopment targets freelance developers"
Nearly half (46%) of organizations have experienced at least two cybersecurity incidents in their supply chain over the past year, according to new research by Risk Ledger presented at Infosecurity Europe 2025. The survey also found that 90% of UK… Read More "Half of Firms Suffer Two Supply Chain Incidents in Past Year"
It’s no secret that human error still plays a significant role in data breaches – despite ongoing security and awareness training. But how do we finally disrupt this trend? The answer lies in a new approach to human risk management.… Read More "Why Human Risk Management is Now Critical in Cybersecurity"
As much as it has been used to defend and make some taxing jobs easier, AI is also being extensively employed by attackers, helping them collect specific data that is used on business email compromise (BEC) attempts. AI is already… Read More "AI gives superpowers to BEC attackers"
Academic institutions have a unique set of characteristics that makes them attractive to bad actors. What’s the right antidote to cyber-risk? 14 Apr 2025 • , 5 min. read We all want the best possible education for our children. But… Read More "Attacks on the education sector are surging: How can cyber-defenders respond?"
Vendor risk monitoring is the process of continuously identifying, assessing, and managing security risks associated with third-party vendors. This effort is crucial to a successful Vendor Risk Management program as it ensures an organization’s third-party risk exposures remain within acceptable… Read More "What is Vendor Risk Monitoring in Cybersecurity?"
Jun 03, 2025Ravie LakshmananBrowser Security / Vulnerability Google on Monday released out-of-band fixes to address three security issues in its Chrome browser, including one that it said has come under active exploitation in the wild. The high-severity flaw is being… Read More "New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch"
In this blogpost, ESET researchers provide an analysis of Spellbinder, a lateral movement tool for performing adversary-in-the-middle attacks, used by the China-aligned threat actor that we have named TheWizards. Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC)… Read More "TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks"
Inherent risks (IR) are vulnerabilities within an organization before a set of controls or auditing procedures have been implemented. IR management is a large part of enterprise risk management, which examines an entire company’s risk factors that could disrupt business… Read More "What is Inherent Risk? You Could Be at Risk of a Data Breach"
