FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax-filing deadlines.

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.

Microsoft Bets $10B to Boost Japan's AI, Cybersecurity

The deal aims to accelerate AI adoption, train workers, and develop cybersecurity partnerships — the latest move by a hyperscaler to compete for sovereign AI and data centers.

Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now

Quantum computers are coming and may impact systems in unexpected ways, and it will "take years to be fully quantum-safe, if ever," cryptography expert warns.

Navigating the Unique Security Risks of Asia's Digital Supply Chain

Regulatory differences, interconnected digital ecosystems, and the rise of AI have created a complex supply chain Asian organizations must wrangle.

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration files.

Microsoft's Original Windows Secure Boot Certificate Is Expiring

The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.

'Harmless' Global Adware Transforms Into an AV Killer

A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.

North Korea Uses ClickFix to Target macOS Users' Data

Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems.  The result is Id