News

Cybersecurity firm Forescout has identified 22 previously unknown vulnerabilities in serial-to-IP converters, devices commonly used to connect legacy industrial equipment to modern networks. The company warns that thousands of these systems are currently exposed online, potentially increasing the risk of cyberattacks across critical infrastructure sectors. The findings are part of a new research initiative called BRIDGE:BREAK, which focuses on hardware produced by Lantronix and Silex. These devices are widely deployed in industries such as utilities,...

Many companies cause a is a hit until there's a breach at some point in time. A suspicious email gets clicked, a system goes down at the worst possible time, or someone in IT notices unusual activity on a Friday afternoon. By that time, the damage is possibly done, and the efforts to contain those types of situations are costly, adds stress to company employees, and can damage your company’s reputation. Working with a security...

Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise security, national defence, and SaaS environments. The hire comes at a turbulent time for software security. Dependency abuse, credential misuse, and compromised build pipelines have triggered a wave of supply chain breaches affecting developer tools, cloud platforms, and AI-driven systems, and organisations are struggling to...

Certes has released v7 of its Data Protection and Risk Mitigation (DPRM) platform, extending post-quantum cryptography (PQC) protection to the edge and positioning the update as a direct response to the growing "harvest now, decrypt later" threat facing enterprise security teams. The release addresses a specific attack pattern that has been gaining traction among nation-state and advanced persistent threat actors: the bulk exfiltration of currently encrypted data, stockpiled in anticipation of commercially viable quantum computing,...

Cloud security has become one of the defining challenges for enterprise security teams. As organisations scale across multiple cloud providers, deploy AI-driven workloads, and operate with increasingly distributed teams, the attack surface continues to expand. The issue is no longer just visibility, it is maintaining consistent control across fragmented environments. Siloed tools, misaligned policies, and alert fatigue are creating gaps that attackers actively exploit. To address this, enterprises are moving toward cloud security platforms that...

The top account takeover (ATO) protection tools in 2026 include Memcyco, Arkose Labs, SpyCloud, BioCatch, and Proofpoint, each addressing different stages of account takeover attacks such as phishing, credential stuffing, and session hijacking. ATO protection refers to the set of tools and strategies used to prevent unauthorised account access across pre-login, login, and post-login stages. Used by organisations to prevent attackers from using stolen credentials to access user accounts, modern ATO protection tools are designed...

Swiss privacy company Proton has today announced the simultaneous launch of Proton Workspace and Proton Meet, its most significant expansion yet into the enterprise productivity market and a direct challenge to the dominance of Google Workspace and Microsoft 365. The double launch marks a strategic pivot for the Geneva-based firm, which has built a user base of over 100 million accounts on the strength of privacy-first services including Proton Mail and Proton VPN. The company...

World Backup Day is often seen as a simple reminder to save your data, but this year, security leaders say backup strategies must evolve into fully tested, secure, and recovery-focused resilience plans. Here’s what organisations should take away from World Backup Day this year: 1. Backups are meaningless if recovery isn’t provenIt’s no longer enough to assume backups will work when needed. Corey Nachreiner, Chief Security Officer at WatchGuard Technologies, said, "Preparedness only matters when...

A critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway is drawing urgent warnings from the security community, with experts cautioning that exploitation could be imminent and that the ghost of CitrixBleed looms large over the disclosure. Tracked as CVE-2026-3055 with a CVSS score of 9.3, the flaw is an out-of-bounds read issue affecting NetScaler deployments configured as a SAML Identity Provider (SAML IDP), allowing remote, unauthenticated attackers to read sensitive memory. Citrix has warned...

The US Federal Communications Commission (FCC) has expanded its “Covered List” to include certain foreign-made consumer routers, a move that will block new models from receiving equipment authorisation and prevent them from being imported or sold in the United States. The decision reflects growing concern around supply chain security and the potential for foreign state interference in critical network infrastructure. Routers occupy a uniquely sensitive position in both home and enterprise environments, acting as gateways...