Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What if your security operations team could reduce the time from risk discovery to resolution, from hours to seconds? 64% of analysts spend more than half of their time on manual tasks. It’s a sobering reality, considering how accelerated detection has become, and the contrast couldn’t be sharper. There are tools that detect zero-day vulnerabilities, map complex attacks, and identify vendor risk exposures, but remediation is still stuck in the age of manual mitigation.

Your potential customers could be interacting with a malicious website that resembles your company's website. This dangerous cyber risk, known as a lookalike domain, is on the rise, with 80% of registered web domains in 2024 resembling 2000 global brands. This article explains what lookalike domains are, their impact on your brand, and why these attacks are increasing, providing real-time strategies to protect your business from domain spoofing.

Crowdsourced penetration testing promises broad coverage, flexible resourcing, and cost efficiency by tapping into a distributed pool of security testers. Trustwave, A LevelBlue Company, realizes not every organization has the financial resources to partner with a security firm with dedicated penetration testing capabilities. At the same time, we want to make organizations aware of the many pitfalls in the crowdsourced pen-testing market and offer a few pointers on choosing the right vendors.

Food delivery giant DoorDash recently suffered a cybersecurity incident that compromised sensitive customer and merchant information. Known for delivering everything from burritos to bubble tea across the United States and beyond, DoorDash confirmed that unauthorized actors accessed parts of its system in a recent data breach.

Microsoft Foundry and Microsoft Copilot Studio have made it simple to build AI agents that automate workflows, access sensitive data, and integrate across critical business systems. However, agent democratization without control creates new security challenges. Further, as more agents are deployed across the organization, it means more agents that can access more data, invoke more tools (including MCP and A2A), and perform more actions. In other words, the potential attack surface is expanding.

Today, we’re introducing our Risk Reduction Dashboard. This is a new way for security leaders to quantify their AppSec program’s impact, prioritize high-value fixes, and prove ROI with data-backed insights that go beyond raw vulnerability counts.

Whisper Leak targets remote language models, @acitons/artifact targets GitHub Actions users, and Quantum Route Redirect simplifies phishing.

Identifying and redacting personally identifiable information (PII) is a critical need for enterprises handling sensitive data. Over 1000 NLP models and tools claim to solve this problem, but an infinite number of options opens a paradox of choice. We compiled this comprehensive comparison that examines ten notable PII detection solutions – their features, use cases, pros/cons, and reported success rates.

Drawing on Obrela’s experience managing complex cyber incidents and supporting national-level assurance programmes, Sebastian Bocquier, Head of DFIR, will present a practical, mission-ready framework that shifts accreditation from a static, one-time checkpoint to a continuous assurance capability embedded throughout NATO’s cloud ecosystem.

Apache Tomcat continues to play a central role in hosting Java-based web applications across enterprises, cloud services, and government systems. Its reliability and lightweight architecture make it a go-to choice for developers, but its ubiquity also means that a single vulnerability can have widespread security implications. CVE-2025-55752, disclosed in late 2025, highlights how a subtle processing regression can evolve into a high-impact vulnerability under the right conditions.