The State of Security

When was the last time you updated your router? If you’re not sure, you’re not alone, and this uncertainty could pose a serious risk to your business. The FBI recently warned that malicious actors are targeting end-of-life (EOL) routers (network devices that manufacturers no longer support or update). These outdated routers are being hijacked by bad actors who use them as a stepping stone into networks, turning them into cybercriminal proxies. The threat is real, and it’s growing. The weapon of choice behind many of these attacks is a sophisticated strain of malware known as TheMoon, which has…

Cyberattacks on public infrastructure are no longer hypothetical. From ransomware disabling city services to foreign actors probing utility networks, the risks are real and rising. Among the most vulnerable targets are our public water systems. Often underfunded, technologically fragmented, and encumbered by legacy systems, water utilities are easy pickings for determined attackers. In recent years, a slew of incidents have highlighted these vulnerabilities. In October 2024, American Water experienced a cyberattack that took its MyWater account system offline for a week, temporarily preventing…

Ever wondered what really drives today’s cyberattacks? It’s not always just about stealing data or demanding a ransom. Motives can vary widely depending on the attacker, their intent, and their capabilities. In the most simple terms, a cyberattack is a malicious intent to access, steal, expose, or destroy data and systems without authorized access. Every attack typically involves a motive or goal, a method of execution, and a vulnerability that’s exploited to achieve the intended outcome. The motive or intent is where it all starts. It’s what drives an attack from beginning to end. But not all…

Picture this: You’re at the supermarket, looking for your favorite brand of cereal. But the shelves are empty, staff are frazzled, and the checkout terminals are flickering ominously. That’s not just a supply chain hiccup, it’s a direct result of the latest wave of cyberattacks targeting the UK’s biggest grocery chains. In 2025, major retailers like Co-op, Marks & Spencer, and Harrods found themselves at the mercy of criminals who didn’t need crowbars or ski masks ; just a laptop and some cunning. Let’s unpack how these attacks happened, the tactics used, and most importantly, how any business…

Imagine for one moment that you are a cybercriminal. You have compromised an organisation’s network, you have stolen their data, you have encrypted their network, and you are now knee-deep in the ransomware negotiation. However, there’s a problem. Your target is stalling for time. Who can you, as the perpetrator of the crime rather than the innocent victim, turn to for advice? Well, if you are an affiliate of the Qilin ransomware group, you can simply hit the “Call Lawyer” button. Because, as researchers at Cybereason have revealed, Qilin has introduced a number of new features for its…

Escalating tensions in the Kashmiri conflict between India and Pakistan illustrate a point the Indian government has been driving home for years; it is time to double-down on securing India’s critical financial services. As the cornerstone of the nation’s stability, the Banking, Financial Services, and Insurance (BFSI) sector was the focus of India’s first Digital Threat Report 2024, and offers a “comprehensive view of the most critical risks facing the industry today.” The report leverages attack data from last year to pinpoint several areas of concern, including advanced social engineering…

As a cybersecurity expert, you are aware that performing static scans is only one part of a good defense-in-depth strategy. Similarly, periodic vulnerability assessments, while valuable, are only a single piece of cyber defense fortification. Continuous Threat Exposure Management (CTEM) establishes a logical setting to control organizational threats proactively. CTEM enables an augmented cybersecurity posture, active real-time risk mitigation, and threat precursor disabling. Decoding CTEM CTEM is an always-on strategy that monitors all attack surfaces for risk detection. It focuses on…

Few sectors exemplify the enormous value of data as healthcare does. From the relatively mundane, such as digitalizing patient data for streamlined care, to the extraordinary, like the use of AI to revolutionize prostate cancer diagnosis and care, data is the lifeblood of modern healthcare and, as such, must be protected. For years, we have been told that humans and human error are the weakest link in cyber defenses, but it’s time to challenge this notion. This view ignores the crucial role that healthcare professionals play in protecting patient data. With the right tools, culture, and…

Web Application Firewalls (WAFs) have long served as the front line of defense for web applications, filtering out malicious traffic and enforcing security policies. But as threats grow more sophisticated and application environments become more dynamic, many are questioning whether traditional WAFs are still up to the task. In 2025, with the rise of cloud-native applications, APIs, and machine learning-driven attacks, it’s no longer enough to rely on static, rule-based filtering. Whether you’re evaluating your existing defenses or considering the next generation of application security…

We are in the middle of an AI gold rush. Generative AI (Gen AI) has exploded from research labs into everyday business workflows at breakneck speed. Marketing, software development, customer support, HR, companies across industries deploy Gen AI tools to boost efficiency, automate tasks, and gain an edge. But security trails behind. In the rush to innovate, organizations chase speed and visibility, leaving risk management behind. The benefits of Gen AI are real, but so are the risks, and many only now come into focus. Security has become an afterthought again. This oversight could prove costly…