organizations
-
Blog
Tenable report shows that organizations are failing to configure storage effectively – and may have a false sense of security
Tenable’s 2025 Cloud Security Risk Report has found that there’s sensitive data being held in 9% of publicly accessible cloud storage, and that 97% of this data is classified as restricted or confidential. The data includes API keys, access keys, encryption keys, and tokens, as well as traditional usernames and passwords. More than half of organizations (54%) store at least…
Read More » -
Blog
Public sector organizations are drowning in security debt
The public sector is drowning in security debt, according to new research, taking almost a year on average to fix software security flaws. A new study from Veracode found that public sector bodies need an average of 315 days to fix half their software vulnerabilities — significantly higher than the overall average of 252 days. Analysis of 1.3 million unique…
Read More » -
Blog
‘China has almost doubled their aggression in cyber’: Kevin Mandia and Nicole Perlroth warn organizations aren’t waking up to growing APT threats
The threat posed by China-backed groups to enterprises is at an unprecedented level and continues to be underappreciated, according to experts in the field. Kevin Mandia, founder at Ballistic Ventures and former CEO at Mandiant and cybersecurity reporter and author Nicole Perlroth unpacked their personal experience responding to attacks by China-based groups in a live conversation at RSAC Conference 2025.…
Read More » -
Blog
Healthcare organizations are turning a blind eye to phishing attacks
The vast majority of phishing attacks against the healthcare sector go unreported to security teams, leaving organizations unable to fully learn from their mistakes. In a survey of 150 US-based healthcare IT leaders for secure email firm Paubox, six-in-ten said they had experienced at least one email security breach last year, and three-quarters that they expected even more security challenges…
Read More » -
Blog
Get started on post-quantum encryption, organizations warned
The UK’s national cybersecurity agency is urging companies to begin preparing themselves for quantum threats by 2035. The National Cyber Security Centre (NCSC) has laid out a recommended timeline for transition to quantum-resistant encryption methods, and is strongly encouraging the adoption of post-quantum cryptography (PQC) in the next ten years. “Quantum computing is set to revolutionize technology, but it also…
Read More » -
Blog
Healthcare organizations need to shake up email security practices
Microsoft 365 is the source of almost half of all healthcare email breaches, thanks mainly to misconfigurations in security settings. According to Paubox’s 2025 Healthcare Email Security Report, email is the main attack vector in the sector, with Microsoft 365 accounting for 43% of all breaches. Proofpoint was next, at 13%, followed by Barracuda Networks and Mimecast at 7%, and…
Read More » -
Blog
Organizations urged to act fast after GitHub Action supply chain attack
More than 20,000 organizations may be at risk following a supply chain attack affecting tj-actions/changed-files GitHub Action. GitHub Actions is a continuous integration and continuous delivery (CI/CD) service that enables developers to automate software builds and tests. Workflows are triggered by specific events, for example when new code is committed to the repository. Used in more than 23,000 repositories, tj-actions/changed-files…
Read More » -
Blog
Suspected Desorden hacker arrested for breaching 90 organizations
A suspected cyber criminal believed to have extorted companies under the name “DESORDEN Group” or “ALTDOS” has been arrested in Thailand for leaking the stolen data of over 90 organizations worldwide. The suspect was arrested in Bangkok through a law enforcement operation by the Royal Thai Police and the Singapore Police Force, with the help of experts from Group-IB. The…
Read More » -
Blog
Almost half of US organizations still using Kaspersky, researchers claim
Almost half (40%) of US organizations are still using Kaspersky software despite a ban enacted in the summer, new research from Bitsight has revealed. Though the ban went into effect months ago, active use of Kaspersky products remains high, with more than 1,000 US organizations observed to be connecting to Kaspersky servers post-ban. Bitsight said only 58% of US organizations…
Read More » -
Blog
Organizations failing to use tech to reach sustainability goals
While the vast majority of organizations say they take their sustainability goals very seriously, only a few are using technology to cut their environmental footprint and shape their overall sustainability strategy. Research from Kyndryl and Microsoft shows leaders increasingly recognize the benefits of sustainability initiatives for their organizations, with 38% having increased their sustainability goals and program execution since last…
Read More »