report

Security debt is becoming a governance issue for CISOs

Security debt is becoming a governance issue for CISOs 2026-03-02 at 08:30 By Mirko Zorz Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles. 2026 findings against the 2025 baseline […]

Security debt is becoming a governance issue for CISOs Read More »

Ransomware activity peaks outside business hours

Ransomware activity peaks outside business hours 2026-02-27 at 12:18 By Anamarija Pogorelec Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response and managed detection and response cases handled between November 1, 2024 and October 31, 2025, spanning organizations in 70

Ransomware activity peaks outside business hours Read More »

The CISO role keeps getting heavier

The CISO role keeps getting heavier 2026-02-27 at 08:00 By Anamarija Pogorelec Personal liability is becoming a routine part of the CISO job. In Splunk’s 2026 CISO Report, titled From Risk to Resilience in the AI Era, 78% of CISOs said they are concerned about their own liability for security incidents, up from 56% last

The CISO role keeps getting heavier Read More »

Industrial networks continue to leak onto the internet

Industrial networks continue to leak onto the internet 2026-02-27 at 07:30 By Mirko Zorz Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report

Industrial networks continue to leak onto the internet Read More »

The $19.5 million insider risk problem

The $19.5 million insider risk problem 2026-02-26 at 09:09 By Mirko Zorz Routine employee activity across corporate systems carries an average annual cost of $19.5 million per organization. That figure comes from the 2026 Cost of Insider Risks Global Report, conducted by the Ponemon Institute and based on data from 354 organizations that experienced one

The $19.5 million insider risk problem Read More »

Open-source security debt grows across commercial software

Open-source security debt grows across commercial software 2026-02-26 at 08:36 By Mirko Zorz Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open source components, with average component counts

Open-source security debt grows across commercial software Read More »

Cyber valuations climb as capital concentrates, AI security expands

Cyber valuations climb as capital concentrates, AI security expands 2026-02-25 at 08:59 By Sinisa Markovic Venture funding in cybersecurity continued to concentrate in large private rounds at the end of 2025, driving valuations higher across stages. Data from DataTribe shows total capital invested approached $150 billion for the year, with a disproportionate share flowing into

Cyber valuations climb as capital concentrates, AI security expands Read More »

Edge systems take the brunt of internet-wide exploitation attempts

Edge systems take the brunt of internet-wide exploitation attempts 2026-02-25 at 07:18 By Anamarija Pogorelec Internet-facing VPNs, routers, and remote access services absorbed sustained exploitation attempts throughout the second half of 2025, with nearly 3 billion malicious sessions recorded over 162 days. The concentration on edge infrastructure aligns with how attackers pursue initial access across

Edge systems take the brunt of internet-wide exploitation attempts Read More »

AI agents behave like users, but don’t follow the same rules

AI agents behave like users, but don’t follow the same rules 2026-02-09 at 08:19 By Anamarija Pogorelec Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same rigor and traceability applied to human users, according to Cloud Security Alliance’s Securing Autonomous AI

AI agents behave like users, but don’t follow the same rules Read More »

Measuring AI use becomes a business requirement

Measuring AI use becomes a business requirement 2026-02-05 at 09:11 By Anamarija Pogorelec Enterprise teams already run dozens of AI tools across daily work. Usage stretches from code generation and analytics to customer support drafting and internal research. Oversight remains uneven across roles, functions, and industries. A new Larridin survey of enterprise leaders places measurement

Measuring AI use becomes a business requirement Read More »

AI is driving a new kind of phishing at scale

AI is driving a new kind of phishing at scale 2026-02-05 at 09:11 By Sinisa Markovic Email remains a primary entry point for attackers, and security teams continue to manage high volumes of malicious messages that change form across campaigns. Attackers generate large numbers of messages with small variations in wording, structure, and delivery paths.

AI is driving a new kind of phishing at scale Read More »

Auto finance fraud is costing dealers up to $20,000 per incident

Auto finance fraud is costing dealers up to $20,000 per incident 2026-02-04 at 07:08 By Anamarija Pogorelec Auto retailers see fraud as a regular part of selling and financing vehicles, something that shows up often enough to plan around, according to Experian. Income and identity fraud lead the list Most fraud problems start with the

Auto finance fraud is costing dealers up to $20,000 per incident Read More »

Open-source attacks move through normal development workflows

Open-source attacks move through normal development workflows 2026-02-03 at 08:18 By Anamarija Pogorelec Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A

Open-source attacks move through normal development workflows Read More »

AI is flooding IAM systems with new identities

AI is flooding IAM systems with new identities 2026-02-02 at 07:20 By Anamarija Pogorelec Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of Non-Human Identity and AI Security report by the Cloud Security Alliance. AI identities inherit

AI is flooding IAM systems with new identities Read More »

Security work keeps expanding, even with AI in the mix

Security work keeps expanding, even with AI in the mix 2026-01-30 at 08:07 By Sinisa Markovic Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected the Voice of Security 2026 report by Tines. Within that environment, large numbers of teams already rely

Security work keeps expanding, even with AI in the mix Read More »

Security teams are carrying more tools with less confidence

Security teams are carrying more tools with less confidence 2026-01-30 at 07:31 By Anamarija Pogorelec Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large organizations, and they bring a constant stream of logs, alerts, and operational data. That environment already exists

Security teams are carrying more tools with less confidence Read More »

Open-source malware zeroes in on developer environments

Open-source malware zeroes in on developer environments 2026-01-29 at 08:36 By Anamarija Pogorelec Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to

Open-source malware zeroes in on developer environments Read More »

What motivates hackers and what makes them walk away

What motivates hackers and what makes them walk away 2026-01-29 at 07:02 By Anamarija Pogorelec Most hackers spend more time learning, testing, and comparing notes than breaking into systems. The work often happens alone or in small groups, shaped by curiosity, persistence, and a habit of examining how systems behave. Bugcrowd examined who these security

What motivates hackers and what makes them walk away Read More »

Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions

Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions 2026-01-28 at 08:15 By Anamarija Pogorelec A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access. The research was conducted by

Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions Read More »

AI’s appetite for data is testing enterprise guardrails

AI’s appetite for data is testing enterprise guardrails 2026-01-27 at 08:18 By Anamarija Pogorelec Privacy programs are taking on more operational responsibility across the enterprise. A new Cisco global benchmark study shows expanding mandates, rising investment, and sustained pressure around data quality, accountability, and cross-border data management tied to AI systems. Privacy programs grow with

AI’s appetite for data is testing enterprise guardrails Read More »

Scroll to Top