Business

Attackers are abusing legitimate websites to host hidden SEO links. We break down their tactics, and what you can do about it.

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

Companies need to build a culture of security, but this is impossible when employees are afraid to discuss incidents or suggest improvements.

We dive into which corporate systems support passkeys, where compatibility falls short, and why we probably won’t be saying goodbye to passwords anytime soon.

How cybercriminals can exploit your online store — and how to stop them.

Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).

How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions.

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.

Businesses reaching the “acceptance stage”: given inevitable breaches — how to prepare for them?

Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.

How organizations implement zero-trust principles, and what CISOs advise for project success.

Archives are being used in targeted phishing and other attacks on organizations. What tools, settings, and policies can mitigate the threat?

Scammers are exploiting GetShared to bypass email security.

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

We look at the most notable supply-chain attacks of 2024.

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

We explore the root causes of the talent crisis in the cybersecurity industry and look for possible solutions.

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

Cybercriminals are using AitM techniques to compromise accounts of company executives. How do they do this, and how to protect against it?