Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

‍Continuous Threat Exposure Management (CTEM) tools are extremely business-savvy investments, particularly for large-scale enterprises that have broad business networks and harness hundreds of cloud-based solutions, offering a detailed, real-time view of an organization's cyber exposure.

As a human risk management platform, we keep a close eye on the evolving threat landscape to help organisations detect and mitigate human cyber risks. The first quarter of 2025 has already revealed critical vulnerabilities, data breaches, and novel attack vectors that highlight the importance of proactive security measures and automated interventions. Here’s a deep dive into the major cyber security events of Q1 and what forward-thinking organisations, like yours, can learn from them.

Most IT audit risk assessments fail because they treat risk as something to mitigate, not leverage. This leads to bloated reports, rigid frameworks, and security initiatives that slow innovation instead of driving it. Risk isn’t just a security concern—it’s a business decision. The best CTOs approach risk like an investment portfolio, with some risks to be minimized, but others that can be accepted or embraced for competitive advantage.

The EU’s NIS2 directive came into force on October 17, 2024. Notis Iliopoulos, VP MRC. Obrela explores the latest cyber resilience Directive’s pros and cons and suggests an alternative route the UK government might consider in developing its cybersecurity framework post-Brexit. The NIS2 Directive, which builds upon the original Network and Information Systems (NIS) Directive, aims to enhance the cybersecurity posture of critical sectors across the European Union.

All the major vulnerability scanning vendors have strengths, but asset tracking isn’t one of them. Some workarounds exist. However, if you are using one of the most popular vulnerability scanning tools, it’s likely you will struggle with asset tracking.

Researchers have discovered a critical security vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures. The vulnerability, designated CVE-2025-29927, was discovered by Rachid Allam and Yasser Allam and since assigned a base CVSS score of 9.1. By skipping checks for authorization cookies, attackers can potentially gain access to restricted areas of applications like admin tools and dashboards.

Earlier this year I joined the team at CultureAI, and like many, I shared the news on LinkedIn. Within weeks, I found myself at the receiving end of multiple phishing emails impersonating our CEO designed to exploit new employees. But rather than ignoring them, I thought it could be fun to play along, see where the rabbit hole led, and deep dive into the world of BCE and Gift Card scams.

When it comes to closing a sales deal, trust and security are often just as important as the product or service you’re selling — sometimes even more important. The reason is simple. Before bringing you on as a new vendor, customers need to be confident that you’re a safe and secure partner. The challenge is proving your security posture quickly, without dramatically slowing the deal.

The healthcare industry, with its vast repository of electronic health records, a growing network of connected devices, reliance on legacy systems, and expanding telehealth solutions, continues to be a prime target for cyber threats. To provide deeper insights into these evolving risks, Trustwave SpiderLabs has expanded its healthcare cybersecurity research with the newly released 2025 Trustwave Risk Radar Report: Healthcare Sector - A New Era of Cybersecurity Challenges.