Leveraging Knowledge to Manage Your Data Risks
The SafePay ransomware group has been active since fall 2024 and has increased its activity this spring and summer. According to NCC Group, SafePay hit the most victims of any threat actor in May 2025—it is linked to 248 victims to date, according to Ransomware.live and RansomFeed.
The group uses common tactics, including social…
On June 30, 2025, a Joint Advisory was issued by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defense Cyber Crime Center issued a Joint Cybersecurity Information Sheet (CIS) titled “Iranian Cyber Actors May Target Vulnerable U.S. Networks and Entities of Interest,” warning…
…These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting
When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its recent survey, the 2025 New Hires Phishing Susceptibility Report, a whopping “71% of new hires click on phishing emails within…
Cybersecurity firm CSC recently issued its CISO Outlook 2025 Report, which predicts cybersecurity challenges CISOs will face in the next year. The report, from a survey of 300 CISOs and cybersecurity professionals globally, finds that CISOs “predict the cybersecurity challenges they face will intensify and the growth of artificial intelligence (AI) is increasing the…
Google recently issued its June Android Security Bulletin that is designed to patch 34 vulnerabilities, all of which Google designates as high-severity defects. The most serious flaw the patch is designed to fix in the Android system would allow threat actors “to achieve local escalation of privilege with no additional privileges required.” The bulletin contains…
Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been responsible for the recent attack on Marks & Spencer in the U.K. A security researcher at Google has posited that Scattered Spider concentrates attacks on one industry at a time and predicts that…
The U.S. Attorney’s Office for the District of Massachusetts has charged a student at Assumption University with hacking into two U.S.-based companies’ systems and demanding a ransom.
Matthew D. Lane, 19, has agreed to plead guilty to one count of cyber extortion conspiracy, one count of cyber extortion, one count of unauthorized access to protected…
A new study by Ivanti illustrates that one out of three workers secretly use artificial intelligence (AI) tools in the workplace. They do so for varying reasons, including “I like a secret advantage,” “My job might be reduced/cut,” “My employer has no AI usage policy,” “My boss might give me more work,” “I don’t want…
SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise through unauthenticated file uploads. Although SAP has issued an emergency patch, security researchers report that the vulnerability is being exploited throughout critical industries, and…
