Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Statistics suggest that over 3 million companies are using Microsoft 365 as their office productivity tool. This is almost 30% of the market share. Such a reliance on a vast platform like Microsoft 365 requires appropriate security measures. These can range from conditional access policies, strong access controls, authentication mechanisms, and monitoring capabilities to complete backup and disaster recovery solutions in place.

Considering digital transformation is the norm and cyber threats evolve faster than traditional security measures, the role of the Chief Information Security Officer (CISO) is undergoing a radical transformation. No longer confined to the technical realm of firewalls and antivirus software, the contemporary CISO is becoming a strategic leader tasked with empowering the entire organization to navigate a complex threat landscape.

A comprehensive analysis of the breach that exposed 570GB of consulting data and put 800 organizations at risk.

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update. The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors.

Running a penetration test is only half the battle. The real challenge is translating complex technical findings into insights that leadership can act on. The right metrics do not just highlight vulnerabilities; they tell a story about risk, resilience, and readiness. In this guide, we explore the penetration testing metrics that truly matter and how to present them in a way that resonates with decision-makers.

As businesses expand, so do their lists of third-party vendors—and with them, the number of risk factors and complexity. This increase means that security analysts are often overwhelmed by a growing number of vendor risk assessments. However, completing an assessment alone isn’t enough; its value depends on how effectively the results are communicated.

For months now, journalists and cybersecurity experts, including UpGuard, have been following the movements of the hacker collective “Scattered Lapsus$ Hunters,” a sort of supergroup of the already well-known cybercriminal entities ShinyHunters, Scattered Spider and Lapsus$. Now, this collective has launched a website where they can extort payment from entities in return for delisting and deleting their data.

A vulnerability on a popular source-code editor has been recently released along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. In this article, we look at CVE-2025-56383, discuss what developers are saying in the wild, and provide our experts’ take on the issue.

Organizations worldwide are increasingly developing or implementing AI-powered tools to streamline operations and scale efficiently. However, the benefits come with unpredictable risks unique to AI that need to be mitigated with the right safeguards. ‍ One of the biggest AI security challenges is the lack of formalized oversight. According to Vanta’s State of Trust Report, only 36% of organizations have AI-informed security policies in place or are in the process of building them.

Choosing a pen testing company today is no longer a technical decision; it’s a political one. You’re balancing vendor promises, dev timelines, board expectations, & a dozen tools.