Yesterday, 5 December 2025 (IT Security Guru)

Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure

5 December 2025 at 13:22

Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its behavioural threat protection to safeguard Model Context Protocol (MCP) servers via AWS WAF. The announcements highlight the company’s growing focus on visibility, risk reduction and real-time defence in increasingly complex cloud and AI environments.

On 1 December, Salt launched “Ask Pepper AI”, a natural language interface designed to help security teams instantly query their entire API estate. Built on Amazon Bedrock, the tool allows users to ask plain-English questions (such as “Which of my APIs expose PII?” or “What APIs have the highest Risk Score?”) and receive immediate, actionable insights drawn from Salt’s API Discovery, Posture Governance and Threat Protection capabilities.

With organisations struggling for clarity in sprawling cloud environments, Salt’s H2 2025 State of API Security Report found that only 19% feel “very confident” in the accuracy of their API inventory, while 15% admit they do not know which APIs expose personal data. Salt says “Ask Pepper AI” helps close these gaps by democratising access to critical security information and accelerating both incident response and risk prioritisation.

“API security is complex, but understanding your risk shouldn’t be,” said Michael Nicosia, Co-Founder and COO at Salt Security. “‘Ask Pepper AI’ makes it simple. By using Amazon Bedrock, we’re putting powerful, intuitive security insights into the hands of everyone from SOC analysts to CISOs. When most organisations aren’t even sure what their API inventory looks like, the ability to just ask and get an immediate answer is a game-changer.”

Two days later, Salt announced a second major capability: the extension of its patented API behavioural threat protection to detect and block malicious intent targeting MCP servers. MCP servers allow LLMs and autonomous agents to execute tasks by calling APIs and tools, but their growing usage has outpaced security controls. Often deployed without central oversight and exposed to the internet, they are becoming a new target for attackers seeking access to sensitive data and system functionality.

Building on Salt’s recently released MCP Finder technology, the company now enables organisations to identify misuse or abuse of MCP servers and automatically block threats using AWS WAF, leveraging real-time behavioural intelligence from the Salt platform.

“Most organisations don’t even know how many MCP servers they have, let alone which ones are exposed or being abused,” said Nick Rago, VP of Product Strategy at Salt Security. “This capability lets them take action quickly, using existing controls to prevent real threats without needing to deploy new infrastructure.”

By combining MCP discovery with AWS WAF enforcement, customers can block attacks before they impact applications, uncover shadow or unmanaged MCP instances, extend edge protection to the AI action layer, and continuously update defences as attacker tactics change.

The post Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure appeared first on IT Security Guru.

Keeper Security Appoints New Chief Revenue Officer

5 December 2025 at 12:49

Keeper Security has announced the appointment of Tim Strickland as Chief Revenue Officer (CRO). Strickland will lead Keeper’s global revenue organisation, driving go-to-market strategy, customer growth and channel expansion as demand accelerates globally for modern Privileged Access Management (PAM) and identity security solutions.

Strickland brings more than two decades of executive leadership experience scaling high-performance revenue teams at category-defining SaaS companies. Most recently, he served as Chief Revenue Officer at ZoomInfo, where he guided the company through a successful IPO, built its customer growth and strategic sales functions and oversaw the go-to-market integration of eight acquisitions.

Prior to ZoomInfo, Strickland held senior revenue leadership roles at Marketo, where he played an integral role in the company’s growth, its take-private acquisition by Vista Equity Partners and subsequent sale to Adobe. His responsibilities spanned enterprise sales, account management, customer success and global channel development.

“Tim is joining Keeper at a pivotal moment as organisations around the world confront unprecedented identity-based threats,” said Darren Guccione, CEO and Co-founder of Keeper Security. “He brings the kind of leadership that elevates teams, sharpens focus and accelerates impact. Tim understands the responsibility we have to our customers, and he shares our commitment to building secure, elegant solutions that drive meaningful outcomes. I’m confident he will help propel Keeper into its next chapter of growth while keeping our vision and our customers at the centre of everything we do.”

In his new role, Strickland will oversee Keeper’s global sales, customer success, revenue operations and channel ecosystem, with a focus on expanding market penetration for Keeper’s unified privileged access management platform. KeeperPAM® combines enterprise password management, secrets management, privileged session management, zero-trust network access, endpoint privilege management and remote browser isolation into a single cloud-native solution—designed to meet surging global demand for credential and identity-based threat protection.

“Identity and access security has never been more critical, and Keeper has built a revolutionary cybersecurity platform for organisations,” said Strickland. “The market opportunity is tremendous, and the company’s momentum reflects a deep commitment to innovation and customer value. I’m excited to help scale our impact globally and support customers in strengthening their security posture.”

Strickland also serves as an Advisory Partner with Summit Partners, where he helps high-growth technology companies navigate go-to-market transformation and scale with discipline. As Keeper continues to meet rising global demand for modern privileged access and identity security, Strickland’s leadership will help advance the company’s mission to deliver zero-trust and zero-knowledge solutions that protect the world’s most sensitive data and systems.


Before yesterday (IT Security Guru)

KnowBe4 Named a Leader in Gartner® Magic Quadrant™ for Email Security

4 December 2025 at 07:51

KnowBe4, the platform that comprehensively addresses AI and human risk management, has been recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms for the second consecutive year and acknowledged specifically for its Ability to Execute and Completeness of Vision.

KnowBe4 Cloud Email Security provides users with:

  • Advanced AI-enabled detection to mitigate the full spectrum of inbound phishing attacks and outbound data loss and exfiltration attempts
  • KnowBe4’s Agentic Detection Engine, which leverages sophisticated natural language processing (NLP) and natural language understanding (NLU) models to protect inboxes from advanced phishing, impersonation and account takeover attacks
  • Integration in the KnowBe4 HRM+ platform, which uses deep per-user behavioural analytics and threat intelligence to deliver personalized security at the point of risk
  • Continuous behavioural-based training delivered through real-time nudges

A rise in advanced technology to address sophisticated phishing attacks and behaviour-led outbound data breaches has driven significant innovation in email security. According to the KnowBe4 2025 Phishing Threat Trends Report Vol. Six, there was a 15.2% increase in phishing email volume between 1 March and 30 September 2025, compared to the previous six months.

“We are honoured to be recognised as a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms,” said Bryan Palma, CEO, KnowBe4. “Email communication remains the primary attack vector for organisations globally. KnowBe4 plays an instrumental role in providing adaptive AI-enabled technology to build a stronger security culture for customers. In our opinion, this positioning validates our strategic vision and relentless focus on human and agent risk management that goes beyond detecting threats to preventing them before they reach employees’ inboxes.”

This news follows several recent announcements which exemplify the strength of KnowBe4 Cloud Email Security, including the integration of Microsoft Defender O365 and recognition as a Gartner Peer Insights Customer’s Choice for email security platforms.



The Vault or the Vulnerability? Why Your Password Manager Might Be the New Cyber Risk

3 December 2025 at 05:20

For years, the cybersecurity community has fought the scourge of weak, reused passwords. The solution, which was overwhelmingly adopted by both businesses and consumers, was the password manager (PM). These tools moved us from flimsy ‘123456’ credentials to unique, 30-character alphanumeric strings, stored behind a single, powerful master password.

But this elegant centralisation creates a paradox. By consolidating all digital keys into one encrypted vault, have we simply moved the weakness rather than eliminated it? Is this single, powerful key actually the soft underbelly of modern cybersecurity?

The Centrality of Strong Credentials

The necessity of strong and unique passwords cannot be overstated, as they form the bedrock of digital defence. Compromised credentials are the primary vector for data breaches. They affect everything from sensitive work systems and financial applications to personal e-commerce accounts and, increasingly, entertainment platforms. The security stakes are incredibly high across the board. For example, when engaging with entertainment platforms such as online casinos, where sensitive financial details are exchanged, and large sums can be involved, robust password hygiene is a non-negotiable requirement.

The need to protect these accounts dictates that users rely on tools to generate and store complex character strings. When reviewing the offerings for such platforms, resources like those curated by adventuregamers.com often highlight sites that prioritise player security. What’s more, they typically pay attention to strong architectural benefits such as secure payment methods and end-to-end encryption. Such layered protection is extremely important, yet all of it ultimately hinges on the user’s own diligence in protecting their account with a unique, strong password that is stored safely.

The Single Point of Failure Paradox

The most significant challenge to password managers is the single point of failure that they represent. If a cybercriminal can acquire the master password for a vault, they gain immediate access to every stored credential: banking, email, social media, and corporate access. This represents a far more lucrative target than breaching a single, isolated account. The risk is compounded by the fact that the most common failure point is not the vault itself. It is actually human error.

The master password, by necessity, must be complex yet memorable enough for the user to type manually. If a user chooses a weak master password or if they fall victim to a targeted keylogger or highly sophisticated phishing attempt, then the entire security framework collapses. While this risk does, of course, exist with any single password, the cascading effect here can be catastrophic. Furthermore, the master password’s security relies entirely on the security of the device it is typed into. If that device is compromised by potent, custom-built malware, then the master password can be intercepted before it ever interacts with the zero-knowledge architecture of the manager itself.

Architectural Defence: Zero-Knowledge Encryption

To counter the single point of failure, reputable password manager services employ sophisticated zero-knowledge architecture. This is the core technical defence that elevates them above simple, local file encryption. In a zero-knowledge system, the encryption and decryption of the vault happen locally on the user’s device and never on the provider’s actual server.

The provider only stores the cryptographically scrambled and salted blob of data. They never hold the master password or the key required to unscramble the vault, meaning that even if the password manager company’s servers are breached, the hackers only obtain a useless piece of encrypted data. They would still need to launch a brute-force attack on a highly salted and iterated hash, and this is an effort that could take centuries with our current computing technology.

This distinction is crucial. The provider cannot hand over your passwords to a government agency, a subpoena, or a hacker because they genuinely do not have access to them. The weakness doesn’t lie in the manager’s architectural security, but in its implementation on the end-user device. A sophisticated, state-sponsored attack on the endpoint device itself, such as a remote access trojan (RAT) or screen-scraping malware, is the only way to bypass this robust, zero-knowledge encryption model.
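To make the architecture described above concrete, here is an added, stand-alone sketch (not the code of any real password manager) of a zero-knowledge enrol and unlock flow: the vault key is derived on the client with PBKDF2-HMAC-SHA256 from the master password and a random salt, the server receives only the salt, a separate login verifier and the encrypted blob, and a copy of that record unlocks nothing without the master password. The key hierarchy and the HMAC-based stream cipher standing in for AES-GCM are assumptions chosen so the example runs on the standard library alone; note that the iterated KDF only makes each guess expensive, so the brute-force effort the article describes still scales with the strength of the master password.

```python
"""Zero-knowledge vault sketch: the client derives every key from the master
password; the server stores only salt, a login verifier and an encrypted blob.
Added illustration, not any product's code. The key hierarchy and the
HMAC-SHA256 keystream cipher (a stand-in for AES-GCM) are assumptions."""
import hashlib
import hmac
import json
import os

ITERATIONS = 200_000   # assumption: PBKDF2 work factor; higher means slower per guess
KEY_LEN = 32


def derive_vault_key(master_password: str, salt: bytes) -> bytes:
    """Slow, salted derivation run on the user's device; the result never leaves it."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               ITERATIONS, dklen=KEY_LEN)


def derive_login_verifier(vault_key: bytes) -> bytes:
    """One-way value the server keeps to authenticate the user. It is derived
    from the vault key, so holding it does not help decrypt the vault."""
    return hmac.new(vault_key, b"login-verifier", "sha256").digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed CTR-style keystream from HMAC-SHA256 (stand-in for AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(vault_key: bytes):
    """Separate encryption and MAC keys so neither use weakens the other."""
    return (hmac.new(vault_key, b"enc", "sha256").digest(),
            hmac.new(vault_key, b"mac", "sha256").digest())


def encrypt_vault(vault_key: bytes, vault: dict) -> dict:
    """Encrypt-then-MAC locally; the output is all the server ever receives."""
    enc_key, mac_key = _subkeys(vault_key)
    plaintext = json.dumps(vault).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    return {"nonce": nonce.hex(), "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def decrypt_vault(vault_key: bytes, blob: dict) -> dict:
    """Check the tag first: a wrong key (wrong master password) or a tampered blob is rejected."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ciphertext = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ciphertext"])
    expected = hmac.new(mac_key, nonce + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, bytes.fromhex(blob["tag"])):
        raise ValueError("authentication failed: wrong key or tampered blob")
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))
    return json.loads(plaintext)


def client_enroll(master_password: str, vault: dict) -> dict:
    """Build the record the client uploads. Note what is absent: the password and the vault key."""
    salt = os.urandom(16)
    vault_key = derive_vault_key(master_password, salt)
    return {"salt": salt.hex(),
            "verifier": derive_login_verifier(vault_key).hex(),
            "blob": encrypt_vault(vault_key, vault)}


def client_unlock(master_password: str, server_record: dict) -> dict:
    """Re-derive the key from the typed master password and decrypt on the device."""
    vault_key = derive_vault_key(master_password, bytes.fromhex(server_record["salt"]))
    if not hmac.compare_digest(derive_login_verifier(vault_key).hex(), server_record["verifier"]):
        raise ValueError("login rejected: verifier mismatch")
    return decrypt_vault(vault_key, server_record["blob"])


def unlock_succeeds(master_password: str, server_record: dict) -> bool:
    """Each attempt costs a full PBKDF2 run; that, and the absence of any key in
    the record, is what makes a breached server copy slow to turn into passwords."""
    try:
        client_unlock(master_password, server_record)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    record = client_enroll("correct horse battery staple", {"bank": "hunter2"})  # constructed
    print(sorted(record))
    print(client_unlock("correct horse battery staple", record))
```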

Beyond the Code: Phishing and Human Error

Ultimately, the password manager’s greatest vulnerability is not its code, but the user experience it requires. The convenience of autofill is a double-edged sword. While it does save time and prevent typographical errors, it can also be easily exploited by malicious sites.

Sophisticated phishing attacks can create near-perfect, convincing login pages that are designed to capture credentials. A well-designed password manager should only autofill a login on a specific, trusted domain, but user confusion or certain browser extensions can sometimes override these safety checks. The user, who is accustomed to the ease of autofill, may not notice the subtly altered URL of a phishing site until it is too late.
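One way to implement the domain check described above, as an added example rather than any product's code: an autofill decision that fills only on an exact https origin match (optionally a genuine subdomain) and refuses, with a reason the UI can show, scheme downgrades, hosts that merely begin with the saved host, internationalised hosts and near-miss look-alikes. The edit-distance threshold, the return format and the sample hosts are assumptions.

```python
"""Autofill origin check for a password manager.
Added illustration, not any product's code. Policy assumed: fill only on an
https page whose host exactly matches the saved origin (or, if enabled, a real
subdomain of it); every refusal carries a reason the UI can show the user."""
from urllib.parse import urlsplit

LOOKALIKE_MAX_EDITS = 2   # assumption: hosts this close to the saved host get a look-alike reason


def _origin(url: str):
    """Scheme and normalised host; anything without both is not a page we can judge."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        raise ValueError(f"not an absolute URL: {url!r}")
    return parts.scheme.lower(), parts.hostname.lower().rstrip(".")


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used only to phrase a better refusal reason."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def autofill_decision(saved_url: str, page_url: str, allow_subdomains: bool = False):
    """Return (fill, reason). Exact match first; then the refusals, most specific first."""
    _, saved_host = _origin(saved_url)
    page_scheme, page_host = _origin(page_url)
    if page_scheme != "https":
        return False, f"refuse: page is not served over https (scheme is {page_scheme})"
    if page_host == saved_host:
        return True, "exact origin match"
    if allow_subdomains and page_host.endswith("." + saved_host):
        return True, f"subdomain of saved host {saved_host}"
    if page_host.startswith(saved_host + "."):
        # e.g. accounts.example.com.evil.net: the saved host is only a prefix of the real domain
        return False, "refuse: saved host appears as leading labels of an unrelated domain"
    if any(ord(ch) > 127 for ch in page_host) or any(
            label.startswith("xn--") for label in page_host.split(".")):
        return False, "refuse: internationalised host does not match the saved ASCII host"
    if _edit_distance(page_host, saved_host) <= LOOKALIKE_MAX_EDITS:
        return False, f"refuse: host is a near look-alike of {saved_host}"
    return False, "refuse: host does not match the saved origin"


if __name__ == "__main__":
    saved = "https://accounts.example.com/login"          # constructed saved credential origin
    for page in ("https://accounts.example.com/signin",
                 "http://accounts.example.com/login",
                 "https://accounts.example.com.evil.net/login",
                 "https://accounts.examp1e.com/login"):
        print(page, "->", autofill_decision(saved, page))
```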

The other primary vector is the bypass of multi-factor authentication (MFA). While a PM helps secure the first factor (the password), many high-value accounts protected by PMs are also protected by MFA. However, attackers are increasingly using MFA fatigue attacks or complex adversary-in-the-middle (AiTM) techniques to steal a session token after the user authenticates with both their PM-stored password and their MFA token. This attack targets the session rather than the vault. This proves that a PM is not a complete security solution. Rather, it is a robust tool that must be correctly layered with other security controls, such as hardware security keys and stringent device hygiene.


Do Modern iGaming Platforms Offer Better Cyber Protections Than Traditional Apps?

28 November 2025 at 05:49

Modern iGaming security has evolved quickly, and users notice the difference. Stronger protections, more transparent communication, and more innovative tools give people far more confidence than older platforms ever did. At the same time, the number of online poker sites keeps growing, prompting users to seek more explicit guidance and safer options. This mix of better security and higher expectations shapes how people decide where to play—and why modern platforms continue to gain their trust.

Rising Expectations Around User Choice and Platform Safety

A lot of people feel overwhelmed the moment they start comparing different digital entertainment platforms, mainly because everything starts to look the same. You jump from one option to another, and before long, you’re not even sure which features actually matter. That’s usually when people begin looking for more explicit guidance and platforms that communicate safety without making users dig for it.

As platforms compete for attention, they raise their security standards to show they take user protection seriously. People notice stronger authentication, more precise privacy explanations, and better overall transparency. Those small details help them decide faster and feel more confident in their choice, rather than second-guessing every step.

There is also the bonus of feeling at ease because you know who you are doing business with, which removes the risk of a blind step and makes the whole decision more deliberate. When users are supported from the outset, they relax and focus on enjoying the experience rather than fretting about hidden snags.

Security Advances Driving Modern iGaming Forward

Modern iGaming platforms invest heavily in authentication because users pay close attention to it. Users are made to feel safer by features such as device verification, biometrics and app-based codes, rather than a bare password field. These protections do not merely signal professionalism; they set expectations. Once users become accustomed to stronger security, anything less feels dated.

Real-time monitoring matters just as much, because threats change rapidly. Platforms employ behaviour-based tools to identify abnormal patterns before they develop into something substantial. End users may not realise it is happening in the background, but they certainly see the outcomes: fewer account issues and fewer security pop-ups smooth the experience and take the stress out of it.

Encryption standards are at a level most people associate with banking or healthcare, and that in itself speaks volumes to users. When a platform secures data with the same seriousness as a financial institution, people respond with greater trust. It turns sensitive moments, such as payments or identity checks, into simple steps instead of points of anxiety.

Another interesting trend is the transparency that platforms provide. They do not ask users to trust them blindly; instead, they publish summaries of audits, security updates, and system notes. When details are shared, it gives people a sense that the platform is really taking ownership of their safety. This, in turn, lowers the fear of hidden issues and builds a stronger relationship with long-term users.

Why Traditional Apps Struggle to Keep Pace with Modern Threats

Most traditional apps rely on older system structures, which becomes problematic when threats evolve faster than their update cycles. A platform that still relies on legacy permissions or outdated libraries creates a lag that end users feel. Users notice when an app seems clunky and unprepared for modern risks; that alone erodes confidence.

Many of these older systems also require manual updates, which slows everything down. A security issue that modern platforms patch instantly can sit unresolved in a traditional app until someone schedules the update. Users don’t always see the technical reason behind the delay, but they feel the fallout every time something doesn’t work the way it should.

Another issue comes from rigid permission handling. Older apps often ask for more access than they actually need, which raises red flags for people who care about privacy. Modern platforms take the opposite approach: they request the minimum and explain why. That contrast makes traditional apps look careless, even when they’re not trying to be.

On top of that, traditional apps tend to approach security reactively instead of proactively. They address problems after they happen rather than preparing for them in advance. Users today expect more, especially when digital entertainment platforms keep showing what quick adaptation looks like. Once they realize the difference, it becomes hard to go back to something that feels slower and less reassuring.

Wrap Up

Modern iGaming platforms raise the bar with faster updates, stronger authentication, and a more explicit commitment to user protection. People feel the difference immediately, especially when they have guidance that helps them make confident choices. As security continues to improve and new tools become standard, users can expect a safer, more transparent experience every time they play online.


What your firewall sees that your EDR doesn’t

27 November 2025 at 10:52

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers.

Unlike many other APT groups, Librarian Ghouls does not rely on custom malware. Instead, they exploit legitimate third-party tools such as remote access software, archivers and SMTP utilities to craft near-perfect phishing campaigns, including password-protected files and polymorphic malware that adapts in real time. These tactics allow the attackers to slip past traditional detection controls almost unnoticed.

This incident is part of a broader and growing challenge: when cybersecurity tools operate in silos, attackers exploit the gaps between them. Endpoint detection and response (EDR), firewalls, and authentication systems each play an important role, but without integration, they offer only partial visibility.

An EDR solution, for example, may overlook legitimate administrative tools if they do not exhibit overtly malicious behaviour. A firewall will flag anomalous outbound connections but often lacks the context to determine the originating user or endpoint. Authentication logs may capture a series of valid logins without recognising a lateral movement pattern.

The lesson from this is clear – integrated visibility across security layers is critical. Correlating signals from multiple tools is essential to detect complex, multi-stage attacks that no single solution can fully uncover on its own. Without this unified perspective, organisations risk missing the bigger picture until it’s too late.

With multiple security solutions generating alerts, many organisations operate with a false sense of security. Without integration, security is fragmented, leaving gaps for sophisticated attacks to exploit, sometimes for weeks or months.


How to protect against threats that evade detection

Organisations need a unified view of their environment and the ability to respond in real time. This is where Managed Detection and Response (MDR) comes in. MDR combines advanced threat detection, analytics and human expertise to monitor, investigate, and respond to threats 24/7. Unlike traditional tools working in isolation, MDR correlates signals across endpoints, networks, cloud environments, and identity systems, enabling faster and more accurate detection of suspicious activity.

A strategic MDR approach gives organisations the ability to detect and respond to threats with a level of speed and accuracy that isolated tools cannot match. Firewalls might block unusual connections and EDRs may spot anomalous behaviour, but when these signals operate independently, critical patterns can be missed. MDR leverages AI and automation to connect these disparate alerts, enabling the identification of real threats within minutes. It is effective even when attackers deliberately blend their activity with normal operations.

Once a genuine threat is detected, the speed of response is essential. By providing a unified view across network, endpoint and identity layers, MDR accelerates investigations, reduces operational disruption and helps maintain business continuity while protecting an organisation’s reputation. At the same time, AI-driven correlation filters out noise and false positives, highlighting only the most relevant alerts and providing the context security teams need to act decisively. This focus is particularly valuable in resource-constrained environments, where every second counts and alert fatigue can undermine effectiveness.

The Librarian Ghouls’ breach demonstrated that attackers could circumvent defences when solutions are uncoordinated. It’s like trying to find a needle in a haystack. MDR addresses this challenge by correlating disparate signals, filtering false positives and providing a unified view of infrastructure. By doing this, it amplifies the value of each security layer. EDRs gain the context to identify anomalies, firewalls better interpret network connections and identity systems more accurately flag suspicious access.
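To show what the correlation described in this article and in the earlier paragraph on what each tool sees (authentication logs holding a series of valid logins with no lateral-movement pattern, a firewall flagging outbound traffic with no user context) looks like in practice, here is an added example, not any MDR vendor's logic, that joins constructed authentication and firewall log lines through an asset inventory: a user's chain of successful logins across several hosts is recovered first, then a large allowed outbound transfer from one of those hosts is attributed to that user. The log format, inventory, time window and thresholds are all constructed assumptions.

```python
"""Correlating authentication and firewall logs: a chain of valid logins across
several hosts, then a large allowed outbound transfer from the last host.
Added illustration, not any MDR product's logic. The key=value log format, the
asset inventory, the time window and the thresholds are constructed assumptions."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)          # assumption: how tightly the logins must cluster
MIN_HOSTS = 3                           # assumption: distinct hosts reached before it counts
MIN_BYTES_OUT = 10_000_000              # assumption: outbound volume worth attributing
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: the organisation's ranges

# Constructed sample lines. Each line on its own is unremarkable: every login is
# valid, and the firewall sees only an allowed HTTPS flow from an address.
SAMPLE_LOGS = """\
2025-11-20T09:01:10Z auth user=jdoe src=WS-17 dst=SRV-FILE01 result=success
2025-11-20T09:02:05Z auth user=asmith src=WS-03 dst=SRV-MAIL result=success
2025-11-20T09:04:22Z auth user=jdoe src=SRV-FILE01 dst=SRV-DB02 result=success
2025-11-20T09:05:40Z fw src=10.0.1.3 dst=10.0.2.10 dport=25 bytes_out=2048 action=allow
2025-11-20T09:07:51Z auth user=jdoe src=SRV-DB02 dst=SRV-BACKUP result=success
2025-11-20T09:08:15Z auth user=jdoe src=SRV-DB02 dst=SRV-BACKUP result=failure
2025-11-20T09:12:40Z fw src=10.0.2.33 dst=203.0.113.45 dport=443 bytes_out=48120000 action=allow
2025-11-20T09:13:02Z fw src=10.0.1.3 dst=198.51.100.7 dport=443 bytes_out=51200 action=allow
"""
# Constructed asset inventory: firewall logs carry only addresses, auth logs only host names.
HOST_TO_IP = {"WS-17": "10.0.1.17", "WS-03": "10.0.1.3", "SRV-FILE01": "10.0.2.31",
              "SRV-MAIL": "10.0.2.10", "SRV-DB02": "10.0.2.32", "SRV-BACKUP": "10.0.2.33"}


def parse_line(line: str) -> dict:
    """'<ts> <source> k=v k=v ...' into a dict with a parsed timestamp."""
    ts, source, rest = line.split(" ", 2)
    ev = dict(kv.split("=", 1) for kv in rest.split())
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    ev["source"] = source
    return ev


def lateral_chains(auth_events: list) -> list:
    """Per user: the first run of successful logins reaching >= MIN_HOSTS distinct hosts within WINDOW."""
    by_user = defaultdict(list)
    for ev in auth_events:
        if ev["result"] == "success":
            by_user[ev["user"]].append(ev)
    chains = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            hops = [e for e in evs[i:] if e["ts"] - first["ts"] <= WINDOW]
            reached = []
            for e in hops:
                if e["dst"] not in reached:
                    reached.append(e["dst"])
            if len(reached) >= MIN_HOSTS:
                chains.append({"user": user, "start": first["ts"], "end": hops[-1]["ts"], "hosts": reached})
                break
    return chains


def suspicious_egress(fw_events: list) -> list:
    """Allowed flows to addresses outside INTERNAL_NETS that moved at least MIN_BYTES_OUT."""
    out = []
    for ev in fw_events:
        dst = ipaddress.ip_address(ev["dst"])
        if ev["action"] != "allow" or any(dst in net for net in INTERNAL_NETS):
            continue
        if int(ev["bytes_out"]) >= MIN_BYTES_OUT:
            out.append(ev)
    return out


def correlate(log_text: str, host_to_ip: dict) -> list:
    """Join the two views: egress from a host on a login chain, inside the chain's window, gets the user."""
    events = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    auth = [e for e in events if e["source"] == "auth"]
    fw = [e for e in events if e["source"] == "fw"]
    ip_to_host = {ip: host for host, ip in host_to_ip.items()}
    alerts = []
    for chain in lateral_chains(auth):
        chain_ips = {host_to_ip.get(h) for h in chain["hosts"]}
        for ev in suspicious_egress(fw):
            if ev["src"] in chain_ips and chain["start"] <= ev["ts"] <= chain["end"] + WINDOW:
                alerts.append({"user": chain["user"], "path": chain["hosts"],
                               "egress_host": ip_to_host[ev["src"]], "egress_dst": ev["dst"],
                               "bytes_out": int(ev["bytes_out"]),
                               "first_login": chain["start"].isoformat(),
                               "egress_at": ev["ts"].isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS, HOST_TO_IP):
        print(alert)
```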


Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems

27 November 2025 at 09:14

Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents from accessing frontline services and raising fears of data exposure, according to reports.

While details remain limited, the incident is already prompting renewed warnings from cybersecurity experts about structural weaknesses across the UK public sector, particularly where councils rely on shared platforms, legacy systems, and under-resourced IT teams.

Simon Pamplin, CTO at Certes Networks, said the attacks underscore how deeply such incidents can affect everyday life. “These suspected cyberattacks on several of London’s borough councils really drive home the point that when systems holding sensitive information are hit, it’s not just the council that suffers. It spills out into the lives of residents and the whole network of services they depend on,” he explained.

Pamplin stressed that cyber resilience can no longer be treated as optional for organisations serving the public.

“When it comes to something as critical as local government, having rock-solid cyber resilience and data security isn’t a nice-to-have, it’s absolutely essential. It’s a bit like heading off on holiday, you wouldn’t dream of leaving the front door unlocked. In the same way, businesses and local authorities need to make sure every last digital door is properly secured, no exceptions, especially when the public is the one at risk.”

Darren Guccione, CEO and co-founder of Keeper Security, echoed those concerns, calling the incident a “serious wake-up call” for public-sector bodies still depending on outdated or interconnected infrastructure.

“Local councils are not only service providers, they’re custodians of highly sensitive personal data,” Guccione said. “When public services rely on shared or under-protected IT infrastructure, disruption is immediate and the consequences are far-reaching.”

He warned that structural vulnerabilities, legacy systems, limited budgets, and reactive security practices create conditions where a single breach can cascade across multiple essential services.

“Once an attacker gains access, the impact can spread rapidly across systems used for social care, housing, payments and citizen communications,” he noted.

Guccione urged councils to prioritise network segmentation, strict identity and access controls, and secure credential management, alongside continuous monitoring across both modern and legacy systems. He added that well-practiced incident response and business continuity plans are just as critical: “If cybersecurity is not embedded into core governance today, councils will continue defending ageing systems against rapidly evolving threats. That is not a sustainable position, and the stakes for citizens are simply too high.”

Other experts agree that the attack bears many hallmarks of a sophisticated ransomware operation. Rebecca Moody, Head of Data Research at Comparitech, said the combination of operational disruption and potential data theft fits the common playbook of modern ransomware groups seeking dual ransoms for decryption and data deletion.

“Governments are a key target… hackers can cause widespread disruption and access highly sensitive data,” she said, noting that Comparitech has tracked 174 confirmed attacks against government bodies worldwide so far this year, with average ransom demands approaching $2.5 million.

With investigations still underway, Moody urged residents and council employees to remain vigilant for phishing attempts or unusual account activity: “If this is a ransomware attack and ransom negotiations fail, it’s likely we’ll see a group coming forward to claim the attack and data theft in the coming days or weeks.”

Rik Ferguson, VP of Security Intelligence at Forescout, highlighted the shared-risk nature of modern IT ecosystems, noting that attackers increasingly exploit the interconnectedness between organisations.

“Attackers are learning that the fastest way to profit isn’t always by encrypting or publicly leaking data, it’s by holding entire enterprise ecosystems hostage,” he said. “Supply-chain and shared-services models create single points of failure.”

Ian Nicholson, Head of Incident Response at Pentest People, warned that the situation illustrates how quickly compromises can propagate across tightly connected public-sector systems.

“Again and again we see attackers exploiting legacy systems, slow patching, and under-funded, under-staffed IT teams,” he said. “Local authorities sit on highly sensitive information, and incidents like this really do impact those much-needed frontline services.”

Dray Agha, senior manager of security operations at Huntress, warned the incident exposes the fragility of shared public-sector infrastructure.

“This coordinated incident highlights a critical vulnerability in modern public services: the double-edged sword of shared IT infrastructure. While such systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents. It underscores an urgent need to move beyond simple cost-saving IT models and invest in resilient, segmented networks that can contain such threats and protect vital public services.”

As London councils work to restore systems, the attack marks yet another reminder that cybersecurity weaknesses in shared public infrastructure can carry real-world consequences, disrupting essential services and potentially exposing citizens’ most sensitive data.


Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats

26 November 2025 at 12:11

As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year’s threats are not only bigger than ever but far more intelligent, automated and difficult to spot.

Fresh data from Check Point, KnowBe4 Threat Labs and other cyber specialists note that attackers are using AI, automation and brand impersonation at industrial scale, exploiting the intensity of the shopping weekend to steal credentials, identities and payment information.

Fake retail sites multiply as attackers use AI and automation

According to Check Point Research, malicious activity tied to Black Friday is rising sharply. One in 11 newly registered Black Friday-themed domains has already been classified as harmful, with criminals spinning up fraudulent sites faster than retailers can report or shut them down.

Brand impersonation remains a core tactic, as 1 in 25 new domains mimicking Amazon, AliExpress and Alibaba has been flagged as malicious. Recent phishing campaigns spoofing HOKA and AliExpress demonstrate how attackers are exploiting high-demand brands to lure victims into sharing login credentials and payment details through convincing fake storefronts.

Omer Dembinsky, Data Group Manager at Check Point Research, said attacks this year “aren’t just bigger; they’re smarter, customised and automated.” Criminals are relying on AI-style templating, mass domain generation and sophisticated replica sites that look indistinguishable from the real thing.

“The best defence is prevention,” Dembinsky added. “Don’t trust a Black Friday link just because it looks real. Verify the domain, use security tools that can validate newly registered sites, and think twice before entering your credit card as you’re one click away from handing over your identity.”

Phishing surges ahead of Black Friday and Amazon leads UK impersonation

New findings from KnowBe4 Threat Labs reveal that out of 27,061 Black Friday-themed phishing emails observed globally, the vast majority (84.30%) impersonated “Deal Watchdog” alert services designed to create urgency around limited-time offers.

In the UK, Amazon was the most impersonated brand, with attackers overwhelmingly using credential-harvesting links as their main payload. UK activity began unusually early this year, with attacks starting on 3rd November and peaking on 10th November, well ahead of the shopping weekend.

Javvad Malik, Lead CISO Advisor at KnowBe4, warned that the psychological pressure of discounted deals is exactly what scammers rely on.

“The combination of time-limited deals and high demand means people often act quickly without taking the usual precautions,” he said. “Taking a moment to verify a website, examine a link or double-check a deal could be the difference between a great saving and becoming a victim.”

AI is fuelling more convincing scams than ever

Keeper Security says AI-generated content is behind much of this year’s sophistication. Fake order confirmations, AI-generated customer service chats and spoofed retailer sites are now near-perfect replicas of legitimate communications, making them harder than ever to spot.

Anne Cutler, Cybersecurity Expert at Keeper Security, explained: “Where there’s money and momentum online, cybercriminals invariably follow—and Black Friday delivers both in abundance. This year we’re guaranteed to see ever more sophisticated scams, primarily fuelled by artificial intelligence.”

Keeper’s global research shows identity-based attacks remain the top concern for cybersecurity leaders in 2025, with stolen credentials continuing to be the leading cause of data breaches.

“The simple truth is that if an attacker controls your identity, they also control your access to everything, ranging from sensitive financial information to social media accounts,” Cutler added. She stressed the importance of strong, unique passwords, MFA and monitoring unusual login activity.

Stick to “Brightly Lit” Parts of the Internet, experts warn

Privacy experts emphasise that consumers must stay vigilant as they hunt for bargains. Chris Hauk, Consumer Privacy Advocate at Pixel Privacy, advised shoppers to go directly to retailer websites instead of clicking ads or pop-ups, many of which lead to expertly forged scam pages.

He added practical reminders:

  • Avoid public WiFi for shopping or banking

  • Use secure payment methods like Apple Pay or Google Pay

  • Buy gift cards only from official retailers or trusted resellers

Paul Bischoff at Comparitech echoed similar safety fundamentals:

  1. Never click links or attachments in unsolicited emails

  2. Never switch communication/payment channels outside the marketplace

  3. If a deal feels rushed, take a step back—it may be a scam

Brian Higgins, also from Comparitech, warned that delivery scams spike during major retail periods, with fake package-fee notifications being especially common as shoppers await parcels. “Don’t buy anything really essential unless you trust the vendor. And if you can afford it, sign up for one of the Credit Monitoring services as they will let you know if you start to buy stuff you’re not aware of,” he cautioned.

Black Friday doesn’t have to be a hacker’s payday

Despite the rising threats, experts agree that a few proactive steps dramatically reduce risk. Strong passwords, MFA, domain checking, secure payment methods and scepticism toward unsolicited messages remain the most effective protections.

As Cutler noted: “A few proactive steps, coupled with an identity-first mindset, can make the difference between a money-saving bargain and a costly breach.”

With AI-powered scams growing faster than ever, the message from security researchers is to enjoy the deals, but shop with caution and never let urgency override judgement.

How User Education Can Become the Strongest Link in Casino Security

26 November 2025 at 11:52

Casino security used to be pretty straightforward. You had cameras watching the floor and security guards watching for suspicious players. These days, things are way more complicated. Casinos deal with hackers, data breaches, and scammers who go after players through their phones and computers. The technology protecting casinos has improved a lot, but there’s still one weak spot that doesn’t get enough attention: most players have no idea how to protect themselves online.

You can spend millions on fancy security systems, but it doesn’t help much when a player clicks on a fake email or uses “password123” for their account. Criminals know that people are usually easier to trick than to break through firewalls. That’s why teaching players about security needs to be a priority, not something casinos ignore.

Building Security Awareness From Day One

When someone signs up for a casino account, that’s when they should learn the basics. But most sites just show a wall of legal text that nobody bothers reading. What actually works is giving people simple, useful advice. Things like how to make a strong password or how to tell if an email is really from the casino or just a scam.

Sweepstakes platforms are a type of casino that works differently from regular online sites. They use virtual money instead of real cash, which can be new for beginners. Offering premium sweepstakes helps new players learn how the system works and enjoy the games safely. This way, they can play the game confidently and with peace of mind.

Banks spend years educating customers to check URLs before logging in and never share sensitive account info over the phone, even with their staff. It worked. Casinos should do the same thing. Security tips need to show up regularly, not just once during signup.

Why Security Awareness Really Matters

The casino industry keeps getting bigger. In 2023, it was estimated that there were over 1.5 billion people playing online gambling games worldwide. That’s a lot of people who could run into security problems. Every new player can either help keep things safe or accidentally give criminals a way in. When millions of people are using these sites, even a few falling for scams adds up fast.

Teaching players about security takes effort, but it’s worth it. Players who know what to watch for make fewer mistakes. They spot weird activities happening in their accounts and report them quickly. They feel better about using the platform, so they keep coming back and recommend it to people they know.

Making Security Education Something Players Actually Want

Nobody wants a boring security lecture when they’re trying to have fun. The trick is teaching people without making it feel like school. Quick videos, simple quizzes with small prizes, and occasional reminders work way better than long presentations.

There are good moments to bring up security naturally. When someone makes their first deposit, you can explain how the site protects their payment info. When they contact support, the team can mention a security tip while helping them. The goal is to make this stuff feel helpful instead of annoying.

Some casinos treat security education like a mini-game. Players already like earning points and unlocking rewards, so applying it here will be useful. Give out bonus credits or badges for finishing security lessons. A few sites even run contests where players practice spotting fake emails or recognizing secure websites.

Building a Community That Watches Out for Each Other

Teaching individual players helps, but things work even better when the community gets involved. When someone in a forum spots a scam and warns others, that message spreads way faster than any official email. Casinos should make reporting simple and recognize players who help catch problems.

Scams targeting casino players are a real problem in the US. Between 2022 and mid-2025, the Better Business Bureau (BBB), an organization for ethical standards, reported receiving almost 200 scam reports and over 10,000 complaints about online gaming. People reported getting their money stolen, not understanding the terms, and having a hard time telling real betting sites apart from fake ones. 

Chat rooms and social media groups connected to gaming sites are where scammers like to operate. Players who recognize the warning signs can help protect new people before they lose money.

Being honest about security issues builds trust, too. When a casino has a security problem and tells players exactly what happened and how they’re fixing it, people respect that. It shows the casino sees players as partners instead of just customers. This kind of openness makes players take their own security habits more seriously.

Wrapping Up 

You can’t turn players into security experts overnight. One training video during signup won’t stick. Regular updates about new scams, reminders about password basics, and positive feedback when players report issues all help build better habits gradually.

Technology matters a lot for casino security. But it can’t do everything alone. When players know how to protect themselves and actually participate in keeping things safe, they stop being the weak link. They become the strongest defense a casino has.

How CTEM Helps Cyber Teams to Become More Proactive

26 November 2025 at 08:56

Software, infrastructure, and third-party services change far faster than quarterly audit cycles, which increases the risk of data and infrastructure exposure.

In the UK, just over four in ten businesses and three in ten charities identified a cyber breach or attack in the last 12 months alone. Phishing is dominant, and larger organisations are hit more often. ENISA’s latest threat landscape lists availability attacks, ransomware, and data threats as the top three cybersecurity concerns across Europe. It can be a lot to keep up with.

Today’s security teams need a way to keep exposure data current and to turn that data into work that actually removes attack paths. Continuous threat exposure management (CTEM) serves as the basis for that cadence, as it runs as a repeatable loop. CTEM enables teams to scope what matters, discover the real attack surface, prioritise by reachability and likely impact, validate in the way an attacker would, and route fixes through the tooling you already use.

For developer-led organisations, the advantage is straightforward. Rather than noisy findings and notifications, CTEM provides a framework for reproducible work items so you close meaningful paths quickly instead of growing a backlog of low-signal tickets.

A Developer’s Framework for CTEM

A simple way to operationalise CTEM is the DEPTH method: Discover, Evaluate, Prioritise, Test, Hand-off. It maps neatly to normal delivery rhythms without creating unnecessary complexity and bureaucracy.

Discover. Keep a continuous inventory of what is actually reachable from the internet, one service at a time. This can include domains and subdomains, API gateways and endpoints, object stores, edge devices, certificates, and identity integrations. Treat identity posture as exposure in its own right. Stale tokens, over-broad roles, default credentials, and unaudited service accounts are just as exploitable as a published Common Vulnerabilities and Exposures (CVE) entry.

Evaluate. Attach signals so triage is deterministic. For each finding, store the CVE, the exploit prediction scoring system (EPSS) probability, inclusion in CISA’s known exploited vulnerabilities (KEV) database, authentication state, blast-radius indicators (data sensitivity, privilege reach), and a small proof of reachability (for example, a curl output, test URL, or certificate details). Keep the schema compact enough to sort in an issue tracker.

Prioritise. Use an ordering rule that anyone can apply. Internet-exposed items that are KEV-listed go first. Next, rank by EPSS probability (higher first). Break ties by unauthenticated reachability and then by data sensitivity. Maintain a parallel queue for identity and configuration faults that open paths even without a CVE. Publish this rubric at the top of the board to aid in decision-making.

Test. Prove exploitability and control efficacy in the environment you run today. Keep checks short and scriptable. Examples are a curl or HTTPie snippet for an insecure direct object reference (IDOR) or weak-auth path; a signed URL to demonstrate public object-store access; a one-liner to verify default credentials on a lab-scoped edge device; or an OpenSSL command to confirm certificate or TLS posture. Ensure the scripts are idempotent for retesting after a fix, and save the artifacts along with the ticket. For APIs, align test cases with the common failure modes you already track.

Hand-off. Convert proof into change using the rails you already have. Standardise the ticket: owner, environment, link to reachability proof, EPSS score, KEV status, fix approach, rollback plan, and the exact retest command. Route through change control and CI/CD. Close only when the retest passes in the target environment. For software-supply-chain items, ensure policy and build pipelines reflect secure-development practices rather than ad-hoc checks.
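The Evaluate schema, the Prioritise ordering rule and the Hand-off ticket from the DEPTH steps above, as an added Python example that is not from the original article. The finding fields, the sensitivity scale, the sample findings and the placeholder CVE ids are all constructed for illustration; the ordering for the parallel identity/configuration queue reuses the same tie-breaks, which is an assumption since the article only specifies the rule for CVE items.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Blast-radius proxy: higher means more sensitive data behind the path (assumed scale).
SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "regulated": 3}


@dataclass
class Finding:
    """One row of the compact Evaluate schema (fields named after the article)."""
    asset: str
    internet_exposed: bool
    cve: Optional[str] = None       # None for identity/configuration faults
    epss: float = 0.0               # EPSS probability, 0.0 to 1.0
    kev: bool = False               # listed in CISA KEV
    unauthenticated: bool = False   # reachable without credentials
    data_sensitivity: str = "internal"
    reachability_proof: str = ""    # curl output, test URL, certificate details


def priority_key(f: Finding) -> Tuple:
    """Ordering rule from the Prioritise step; smaller tuples sort first."""
    return (
        0 if (f.internet_exposed and f.kev) else 1,   # exposed and KEV-listed go first
        -f.epss,                                       # then EPSS probability, higher first
        0 if f.unauthenticated else 1,                 # tie-break: unauthenticated reachability
        -SENSITIVITY_RANK.get(f.data_sensitivity, 0),  # then data sensitivity
        f.asset,                                       # deterministic final order
    )


def triage(findings: List[Finding]):
    """Split findings into the CVE queue, the parallel identity/config queue,
    and items held back because they carry no reachability proof (no SLA yet)."""
    needs_proof = [f for f in findings if not f.reachability_proof]
    proven = [f for f in findings if f.reachability_proof]
    cve_queue = sorted((f for f in proven if f.cve), key=priority_key)
    identity_queue = sorted((f for f in proven if not f.cve), key=priority_key)
    return cve_queue, identity_queue, needs_proof


def draft_ticket(f: Finding, owner: str, environment: str, fix_approach: str,
                 rollback_plan: str, retest_command: str) -> dict:
    """Hand-off record carrying the fields the article lists for a standard ticket."""
    return {
        "asset": f.asset, "owner": owner, "environment": environment,
        "reachability_proof": f.reachability_proof,
        "cve": f.cve, "epss": f.epss, "kev": f.kev,
        "fix_approach": fix_approach, "rollback_plan": rollback_plan,
        "retest_command": retest_command, "status": "open",
    }


def close_if_retest_passes(ticket: dict, retest_exit_code: int) -> dict:
    """'Closed and retested' is the lead metric: close only when the retest passes."""
    ticket["status"] = "closed" if retest_exit_code == 0 else "open"
    return ticket


# Constructed sample findings; the CVE ids are placeholders, not real identifiers.
SAMPLE = [
    Finding("orders-api", True, "CVE-0000-00002", 0.80, False, False, "regulated",
            "curl -s https://orders.example.test/v1/orders/1 -> 200 for another user's record"),
    Finding("vpn-edge", True, "CVE-0000-00001", 0.35, True, True, "internal",
            "openssl s_client banner shows the affected build"),
    Finding("batch-worker", False, "CVE-0000-00003", 0.20, True, False, "internal",
            "reachable only from the build VLAN"),
    Finding("staging-admin", True, "CVE-0000-00004", 0.80, False, True, "internal",
            "https://staging.example.test/admin -> 200 without a session"),
    Finding("legacy-cms", True, "CVE-0000-00005", 0.90, False, True, "confidential", ""),
    Finding("svc-deploy-token", True, None, 0.0, False, False, "confidential",
            "token issued 2023, role grants admin on all projects"),
    Finding("assets-bucket", True, None, 0.0, False, True, "regulated",
            "unsigned GET on the bucket listing -> 200"),
]

if __name__ == "__main__":
    cves, ident, pending = triage(SAMPLE)
    print("CVE queue:", [f.asset for f in cves])
    print("Identity/config queue:", [f.asset for f in ident])
    print("Awaiting reachability proof:", [f.asset for f in pending])
```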

Integration Touchpoints

In security operations and monitoring, enrich alerts with exposure context so events touching known high-risk assets are ranked higher by default. If a relevant CVE enters an actively exploited list, adjust priority accordingly.

In change management, add a simple control to the template. A CTEM checkbox stating “retest script attached and passing” is useful here, so that evidence is required at approval rather than after deployment.

In the SDLC, treat exposure checks like any other quality gate: keep validation scripts in the same repository as your IaC and application code, run them post-deploy in staging, and schedule safe, read-only checks against production endpoints where appropriate.

This keeps evidence versioned, reproducible, and close to the code. For third-party and open-source exposure, track both the upstream fix and your local mitigation. Use a clear baseline for secure development, and surface objective health and provenance signals in builds rather than relying on informal judgements.

Common Failure Modes

Tool sprawl without ownership. Adding scanners without assigning triage and closure grows the backlog and erodes trust. Keep outputs flowing into the same issue tracker, and apply SLAs only to items with proof and reachability so effort tracks risk, not volume.

Counting patches instead of paths removed. If a CVE is marked fixed but an object store remains public, the path still exists. Make “closed and retested” your lead metric, not “PR merged.”

Ignoring identity. Weak authentication, stale tokens, and overly broad roles create routine lateral movement. Keep identity items in the same queue and run them through the same DEPTH flow as infrastructure and code.

Enabling a Proactive Approach

CTEM replaces ad-hoc reaction with an operating rhythm that ties signals to fixes. Discovery jobs refresh the exposed surface for one service. Triage applies a simple ordering rule that combines KEV status and EPSS probability with reachability. Validation turns each top item into a short and scriptable proof. Mobilisation converts that proof into a change ticket with an owner, rollback plan, and an exact retest command.

CI runs the same script after the change and fails if the path still exists. The board shows “attack paths removed” and “time to risk reduction” as the lead metrics.

The result is a closed loop. On a rolling basis, you learn what’s exposed, you choose the highest-likelihood, highest-impact items, you prove them, you fix them, and you retest automatically. That is what “proactive” looks like. This means less time waiting on alerts and more time closing off the routes attackers actually use.

With CTEM, the goal is simple: a smaller exposed surface, fewer reachable attack paths, and faster time to risk reduction. CTEM, implemented with DEPTH and wired into delivery and operations, keeps those outcomes on a timetable that teams can sustain, without adding complexity or creating a parallel process.

Salt Security Launches Salt MCP Finder Technology

25 November 2025 at 12:23

Salt Security has announced Salt MCP Finder technology, a dedicated discovery engine for Model Context Protocol (MCP) servers, the fast-proliferating infrastructure powering agentic AI. MCP Finder provides an organisation with a complete, authoritative view of its MCP footprint at a moment when MCP servers are being deployed rapidly, often without IT or security awareness.

As enterprises accelerate the adoption of agentic AI, MCP servers have emerged as the universal API broker that lets AI agents take action by retrieving data, triggering tools, executing workflows, and interfacing with internal systems. But this new power comes with a new problem: MCP servers are being deployed everywhere, by anyone, with almost no guardrails. MCPs are widely used for prototyping, integrating agents with SaaS tools, supporting vendor projects, and enabling shadow agentic workflows in production.

This wave of adoption sits atop fractured internal API governance in most enterprises, compounding risk. Once deployed, MCP servers become easily accessible, enabling agents to connect and execute workflows with minimal oversight. This becomes a major source of operational exposure.

The result is a rapidly growing API fabric of AI-connected infrastructure that is largely invisible to central security teams. Organisations currently lack visibility regarding how many MCP servers are deployed across the enterprise, who owns or controls them, which APIs and data they expose, what actions agents can perform through them, and whether corporate security standards and basic controls (like authentication, authorisation, and logging) are properly implemented.

Recent industry observations show why this visibility crisis matters. One study showed that only ten months after the launch of MCP, there were over 16,000 MCP servers deployed across Fortune 500 companies. Another showed that in a scan of 1,000 MCP servers, 33% had a critical vulnerability and the average MCP server had more than five. MCP is quickly becoming one of the largest sources of “Shadow AI” as organisations scale their agentic workloads.

According to Gartner® “Most tech providers remain unprepared for the surge in agent-driven API usage. Gartner predicts that by 2028, 80% of organisations will see AI agents consume the majority of their APIs, rather than human developers.”

Gartner further stated, “As agentic AI transforms enterprise systems, tech CEOs who understand and implement MCP would drive growth, ensure responsible deployment and secure a competitive edge in the evolving AI landscape. Ignoring MCP risks falling behind as composability and interoperability become critical differentiators. Tech CEOs must prioritize MCP to lead in the era of agentic AI. MCP is foundational for secure, efficient collaboration among autonomous agents, directly addressing trust, security, and cost challenges.”*

Salt’s MCP Finder technology solves the foundational challenge: you cannot monitor, secure, or govern AI agents until you know what attack surfaces exist. MCP servers are a key component of that surface.

Nick Rago, VP of Product Strategy at Salt Security, said: “You can’t secure what you can’t see. Every MCP server is a potential action point for an autonomous agent. Our MCP Finder technology gives CISOs the single source of truth they need to finally answer the most important question in agentic AI: What can my AI agents do inside my enterprise?”

Salt’s MCP Finder technology uniquely consolidates MCP discovery across three systems to build a unified, authoritative registry:

  1. External Discovery – Salt Surface
    Identifies MCP servers exposed to the public internet, including misconfigured, abandoned, and unknown deployments.
  2. Code Discovery – GitHub Connect
    Using Salt’s recently announced GitHub Connect capability, MCP Finder inspects private repositories to uncover MCP-related APIs, definitions, shadow integrations, and blueprint files before they’re deployed.
  3. Runtime Discovery – Agentic AI Behavior Mapping
    Analyses real traffic from agents to observe which MCP servers are in use, what tools they invoke, and how data flows through them.

Together, these sources give organisations the single source of truth required to visualise risk, enforce posture governance, and apply AI safety policies that extend beyond the model into the actual action layer.

Salt’s MCP Finder technology is available immediately as a core capability within the Salt Illuminate™ platform.

*Source: Gartner Research, Protect Your Customers: Next-Level Agentic AI With Model Context Protocol, By Adrian Lee, Marissa Schmidt, November 2025.

Nominations Open For The Most Inspiring Women in Cyber Awards 2026

25 November 2025 at 06:22

Nominations are now open for the 2026 Most Inspiring Women in Cyber Awards! The deadline for entry is the 9th January 2026. We’re proud to be media supporters once again. 

The 2026 event is hosted by Eskenzi PR and sponsored by Fidelity International, BT, Bridewell and Plexal – organisations that are leading the way in making the cybersecurity industry more inclusive. The 6th annual event, held at the iconic BT Tower on the 26th February 2026, aims to celebrate trailblazers at all stages of their careers from across the cybersecurity industry who are doing exceptional things. 

Additionally, Eskenzi PR has partnered with some of the most influential women in cyber groups to help shape the awards, ensuring they are more inclusive and intersectional than ever before. By partnering with WiCyS UK & Ireland Affiliate and Women in Tech and Cybersecurity Hub (WiTCH), it is hoped that the 2026 event will reach an even wider range of inspirational women from across all corners of the globe.

Aiding in this mission, cybersecurity consultancy Bridewell has committed to sponsoring a bursary that will allow the UK based winners of the Ones to Watch category to attend the awards with paid travel and accommodation. A new addition for the 2026 awards, sparked by industry feedback, this move is hoped to remove the financial barriers of attending industry events for people starting out in their careers.

Cybersecurity continues to face challenges with diversity and representation. According to research by ISC2, women now make up about 22% of the global cybersecurity workforce. Despite the industry’s growing demand for skilled professionals – driven by escalating talent shortages and increasingly sophisticated threats – representation remains limited. Building a more inclusive cybersecurity community requires visible role models, mentorship, and active encouragement. After all, we cannot become what we cannot see.

The Most Inspiring Women in Cyber Awards aims to bring together and empower incredible women (both established and those starting out their careers) and make long lasting connections.

Nominations can be submitted via this link and will remain open until 5pm on Friday 9th January 2026. An esteemed panel of judges (yet to be confirmed) will then review the submissions and narrow the list down to the Top 20, each of whom will be profiled on the IT Security Guru. There will also be five women crowned ‘ones to watch’.

On the 26th February 2026, a physical awards ceremony will be held in London at the iconic BT Tower. The event will include a welcome address and an informal panel discussion with a Q&A featuring industry leaders. Then, the finalists will be awarded their certificates and trophies. The event will conclude with networking over food and drinks at the top of the tower. Finalists, judges, and guests are welcome to attend in person and the public can tune in to the ceremony via a live stream. More information to be provided soon.

The award’s founder, Yvonne Eskenzi, said: “We’re delighted to once again host the Most Inspiring Women in Cyber Awards, supported by industry leaders including Fidelity International, Bridewell and Plexal. With BT’s continued partnership, it’s a pleasure and a privilege to return to the iconic BT Tower once again for this special occasion. At Eskenzi, we remain deeply committed to championing diversity in cybersecurity through meaningful action. Together with leading women’s networks and forward-thinking organisations, the Most Inspiring Women in Cyber Awards aims to celebrate, elevate and empower women across the sector while helping to forge lasting connections among all who attend.”

‘Women in Cyber’ group, at Fidelity International, said: “At Fidelity International, supporting the 2026 Most Inspiring Women in Cyber Awards reflects our belief that empowering women strengthens cybersecurity. As cyber threats intensify, diverse perspectives are key to safeguarding our digital future. By championing talent and creating opportunities, we aim to inspire the next generation of women leaders in cybersecurity.”

Laura Price, Cyber Skills Partnerships Manager at BT Business, said: “At BT Business, we’re committed to helping organisations stay connected, secure, and future ready. Supporting the Most Inspiring Women in Cyber Awards reflects our belief that diversity and innovation go hand in hand. By celebrating role models and amplifying voices, we aim to inspire the next generation of cyber leaders and strengthen the resilience of businesses in an increasingly digital world.”

Diane Gilbert, Senior Lead Programmes at Plexal, said: “Plexal supports women in cyber to build careers and grow their businesses. Wonderful moments like the Most Inspiring Women in Cyber Awards provide an opportunity to celebrate the increased inclusion and diversification of the industry to date, and reinforce the important role we all play in keeping the momentum going on female representation in the sector. Plexal is excited to be a returning sponsor of the 2026 awards.”

For more information and to nominate visit: https://www.itsecurityguru.org/most-inspiring-women-cyber-2026/

Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers

24 November 2025 at 12:25

Amelia Hewitt, Co-Founder (Director of Cyber Consulting) at Principle Defence and Founder of CybAid, and Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, are proud to announce the launch of the second series of The Cyber Agony Aunt Podcast (formerly Securely Yours Podcast). The new season is now available to stream on all major platforms.

The Cyber Agony Aunt Podcast is an empowering series hosted by Hewitt and Taylor, two accomplished cybersecurity professionals, recorded at Matinee Studios in Reading, UK. Drawing on their extensive experience in the field and their roles as mentors, they use an “agony aunt” format to address the real-life questions and challenges faced by professionals.

Inspired by classic magazine advice columns, the podcast offers practical guidance for those building and thriving in cybersecurity and related careers. Through candid conversations and questions from mentees and peers, Hewitt and Taylor explore pressing topics such as active allyship, burnout, sexual harassment, threat intelligence, and overcoming adversity. Their confessional tone ensures that no issue is considered off-limits.

To further enrich the series, Season 2 features a selection of seasoned professionals who share their perspectives, lived experiences, and expert insights in specially curated episodes. Amelia Hewitt and Rebecca Taylor have had the privilege of speaking with:

  • Callum Stott (Sales Director at Matinée Multilingual),
  • Karl Lankford (Senior Director, Solutions Engineering at Rapid7),
  • Phoebe Farrelly (Deals – Lead Advisory & Restructuring at PWC, and Branch Coordinator for CyberWomen Groups C.I.C),
  • Nikki Webb (Global Channel Manager at Custodian360, Founder of The Cyber House Party, and Volunteer Marketing Coordinator at The Cyber Helpline),
  • Will Lyne (Head of Economic & Cybercrime at the Metropolitan Police Service),
  • Pauline Campbell (Principal Lawyer at London Borough of Waltham Forest & Social Justice Author),
  • Jake Moore (Global Cybersecurity Advisor at ESET),
  • Zak Layton-Elliott (Director of Partnerships at CybAid, and Cyber Security Analyst at Principle Defence).

The Cyber Agony Aunt Podcast offers practical guidance for anyone seeking to advance their career in cybersecurity. Driven by the belief that everyone should thrive, not merely survive, the series aims to make professional growth attainable through accessible, actionable advice. Hewitt and Taylor approach even the most complex and uncomfortable topics with honesty and empathy, ensuring no conversation is left unspoken and no listener feels alone.

Co-host Amelia Hewitt said: ‘It’s been an incredible journey. We have been very fortunate to have lots of guests on the series, all happy and willing to share their opinions and thought leadership. This series is a real eye opener, myth buster and level setter for anyone wanting to understand the nitty gritty of a career in the cyber industry.’

Co-host Rebecca Taylor added: ‘This podcast is about showing that no-one in cyber is alone. By bringing together voices from across the industry, we’re breaking down barriers, sharing real experiences, and proving that a career in cyber is possible for anyone – even with all its challenges. We’re not shying away from the tough conversations; we’re having them, so others don’t have to face them in silence.’

The Cyber Agony Aunt Podcast, hosted by Amelia Hewitt and Rebecca Taylor, is now available to stream on all major platforms. Their first book, Securely Yours, is also available for purchase on Amazon (you can read the IT Security Guru’s Q&A with the hosts here). The duo are currently working on their highly anticipated second book, ‘Resilient You: An Agony Aunts’ Guide to Keeping It Together’, scheduled for release in April 2026.

ENISA becomes CVE Program Root, strengthening Europe’s vulnerability management framework

21 November 2025 at 09:49

The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the EU’s efforts to bolster cybersecurity resilience and streamline vulnerability coordination across member states.

As a Program Root, ENISA will serve as the central point of contact for national authorities, EU CSIRTs network members, and other partners operating under its mandate. The move aligns with major legislative efforts such as NIS2 and the Cyber Resilience Act, while further supporting the rollout of the EU Vulnerability Database (EUVD).

Boris Cipot, Principal Security Engineer at Black Duck, described the development as “a major step toward a stronger cybersecurity resilience in Europe,” noting that centralizing vulnerability coordination “ensures a faster, more consistent handling of security vulnerability information across the EU while also aligning with key initiatives like NIS2 and the Cyber Resilience Act.”

He added that ENISA’s new role gives the bloc “the needed strategic autonomy in vulnerability management,” reducing reliance on non-EU entities and helping “harmonize the CVE practices across European member states.”

Cipot also highlighted the long-term benefits for researchers and vendors and said “the idea and goal is to give researchers and cybersecurity vendors the capability to gain CVE ID assignment quicker, have a clearer legal guidance under EU law, and gain enhanced visibility through both the EUVD and global CVE listings.”

Daniel dos Santos, head of research at Forescout, explained that the designation reflects momentum on both sides. “It shows both ENISA’s commitment to the CVE program and also that the CVE program is interested in having ENISA’s contributions there,” he said. “Everyone gains when there are more organizations involved in shaping the CVE program and the future of vulnerability reporting.”

He also noted that the shift should “facilitate the process for national authorities, CSIRTs and other partners, since they can have a single point of contact with the CVE program in Europe,” while helping researchers and vendors agree on coordinated disclosure practices.

However, both experts cautioned that successful implementation would depend heavily on resources. Cipot pointed to potential integration challenges, including alignment of policies and tooling, while dos Santos emphasized the need for sustained investment.

“The main challenge is ensuring that ENISA has enough funding and resources to fulfil its ongoing mission of ‘achieving a high common level of cybersecurity across Europe’ while now also having an extended role in the CVE program,” explained Forescout’s dos Santos. “There have been several additions to ENISA’s mandate recently, with the launch of the EU Vulnerability Database and the Cyber Resilience Act. As the recent NVD backlog and funding issues have shown, vulnerability reporting is a task that demands a significant amount of time and effort, so ENISA will have to balance that with their ongoing responsibilities.”

With ENISA taking on greater responsibility in vulnerability reporting and coordination, its performance will be closely watched by security teams, vendors and policymakers alike across the region.


The post ENISA becomes CVE Program Root, strengthening Europe’s vulnerability management framework appeared first on IT Security Guru.

APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows

20 November 2025 at 09:49

Today, APIContext has launched its Model Context Protocol (MCP) Server Performance Monitoring tool, a new capability that checks whether AI systems respond fast enough to meet customer expectations.

Given that 85% of enterprises and 78% of SMBs are now using autonomous agents, MCP has emerged as the key enabler: an open standard that lets AI agents reach tools such as APIs, databases and SaaS apps through a unified interface. Yet, while MCP unlocks scale for agent developers, it also introduces new complexity and operational strain for the downstream applications those agents rely on. Even small slowdowns or bottlenecks can cascade across automated workflows, degrading performance and end-user experience.

APIContext’s MCP server performance monitoring tool provides organisations with first-class observability for AI-agent traffic running over MCP. This capability enables enterprises to detect latency, troubleshoot issues, and ensure AI workflows complete within the performance budgets needed to meet user-facing SLAs. For example, consider a voice AI customer support system speaking with a caller. If the AI sends a query to the MCP server and has to wait for a response, the caller quickly becomes irritated and frustrated, often choosing to escalate to a human operator. This kind of latency prevents the business from realising the full value of its AI operations and disrupts the customer experience.

Key benefits of MCP performance monitoring include:

  • Performance Budgeting for Agentic Workflows: Guarantees agent interactions are completed under required latency to maintain user-facing SLAs. 
  • Root Cause Diagnosis: Identifies whether delays are caused by the agent, MCP server, authentication, or downstream APIs. 
  • Reliability in Production: Detects drift and errors in agentic workflows before they affect customers.

“AI workflows now depend on a distributed compute chain that enterprises don’t control. Silent failures happen outside logs, outside traces, and outside traditional monitoring,” said Mayur Upadhyaya, CEO of APIContext. “With MCP performance monitoring, we give organisations a live resilience signal that shows how machines actually experience their digital services so they can prevent failures before customers ever feel them.”

For more information on APIContext’s MCP Performance Monitoring tool, visit https://apicontext.com/features/mcp-monitoring/

The post APIContext Introduces MCP Server Performance Monitoring to Ensure Fast and Reliable AI Workflows appeared first on IT Security Guru.

Bridewell CEO gives cyber predictions for 2026

19 November 2025 at 05:01

As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations, is warning of a critical inflection point for 2026, where organisations are facing more cyber threats with fewer resources to defend against them.

According to Young, the cumulative effect of years of belt-tightening across cybersecurity teams and agencies is beginning to surface in major breaches and systemic failures. “Many organisations have been forced to delay modernisation, freeze hiring and reduce investment in defensive capabilities,” said Young. “The result is fewer defenders, slower detection, and weakened resilience, just as adversaries become more aggressive and technologically advanced.”

This year alone has already painted a stark picture. Major supply chain attacks, including a massive compromise of Oracle Cloud affecting over 140,000 tenants and the Salesloft/Drift breach, have demonstrated how underinvestment in cyber resilience can cascade across entire digital ecosystems. Even industrial sectors have been hit hard; for instance, Jaguar Land Rover’s factory shutdown following a cyberattack disrupted production for weeks and exposed the fragility of global supply chains.

Young warned that these incidents are not isolated events, but symptomatic of a deeper issue. “Unfortunately, it’s unlikely that 2025’s headline breaches are not the peak, they’re the warning signs. As we move into 2026, the legacy of these cuts will continue to degrade organisations’ defensive posture. We’ll likely see fewer, but far more impactful, attacks focused on shared platforms, third-party suppliers and critical infrastructure.”

He also acknowledged the societal aspect of the problem at large. Alongside highly coordinated campaigns by criminal and state-backed groups, Bridewell has observed a sharp rise in so-called ‘casual’ cyber aggression. Increasingly, attacks are being launched by loosely connected individuals, often teenagers, using freely available tools or AI-assisted exploit kits.

“This new wave of attackers doesn’t always fit the traditional profile,” explained Young. “We’re seeing a generation that grew up online, with access to open-source data, leaked credentials and automated tools that make disruption easy. What’s changed is the lack of deterrence. In online communities, the reputational rewards of causing chaos often outweigh the perceived risk by these individuals of getting caught.”

Bridewell believes this blend of economic strain, social disaffection and accessible hacking technology is fuelling a dangerous convergence. With reduced resources for defenders and a surge in opportunistic threat actors, organisations face a double blow between complex, targeted attacks on one hand and erratic, highly visible disruptions on the other.

“Cybersecurity is now facing the same kind of social and economic pressures that drive crime in the physical world,” said Young. “When times get tough and oversight weakens, the barrier to entry for malicious activity falls. If we continue underinvesting in resilience and accountability, we risk normalising cyber aggression as a form of expression or protest.”

Looking ahead to 2026, Bridewell predicts that cyber incidents will become less frequent but far more destructive, with greater operational, reputational and regulatory fallout for unprepared organisations. To mitigate this, Young stressed that technical measures must be matched with broader efforts to rebuild digital accountability, shared defence mechanisms and societal norms around online harm.

The post Bridewell CEO gives cyber predictions for 2026 appeared first on IT Security Guru.

Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories

18 November 2025 at 11:02

API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI models and data, Salt is the first to secure the MCP servers and APIs where AI agents have a real-world impact, now finding them in code before they are ever deployed.

With GitHub Connect, Salt enables customers to securely connect their public and private GitHub repositories to the Salt Illuminate™ platform, extending visibility across the full API lifecycle. The new capability analyses code to proactively discover APIs, MCP servers, and configurations directly from source code. Critically, it identifies relevant tools and exposed APIs even when the MCP is hosted elsewhere. This discovery is immediately prioritized by Salt’s traffic-free risk-scoring capability, which accelerates time-to-insight by assigning quantifiable risk scores without requiring traffic collection.  As Gartner® notes, “Software engineering leaders must investigate the suitability of MCP servers obtained especially from public sources.”

This launch advances Salt Illuminate, the platform purpose-built to discover, govern, and secure the API fabric. As organizations embed AI agents, Salt Illuminate is the only platform that delivers complete MCP coverage, discovering them in code (GitHub Connect), monitoring their runtime traffic (Agentic AI), and finding their external exposure (MCP Surface Scan). This bridges code-level and runtime posture governance, enabling teams to reduce risk across the full API lifecycle.

Nick Rago, VP of Product Strategy, Salt Security, said: “AI agents and MCP servers have transformed how digital systems communicate and act. By extending discovery into GitHub, Salt Illuminate gives customers visibility into API and MCP risks long before deployment. This proactive intelligence is critical to safeguarding the API fabric that drives modern innovation.”

Modern code repositories have become the blueprint for the wider API ecosystem, shaping how applications and AI agents interact. GitHub Connect enables organisations to identify shadow APIs and MCP servers by analysing source code for configuration patterns and exposed tools, even when those services are hosted elsewhere. It also supports a “shift-left” approach to governance by highlighting high-risk MCPs in private repositories so that policy can be applied before deployment. By bringing code-level insights into Salt’s unified risk model, it ensures that APIs and MCPs discovered in source code receive the same risk scoring as those identified at runtime.
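Salt does not publish how GitHub Connect analyses source, so the block below is an added illustration, not Salt’s code, of the kind of static discovery the paragraph describes: pattern-matching a repository for HTTP route definitions (FastAPI/Flask decorators, Express calls), MCP server and tool definitions (the MCP Python SDK’s FastMCP and @x.tool(), the TypeScript SDK’s server.tool()/registerTool()), and MCP client configuration that points at servers hosted elsewhere, then ranking the findings with a made-up, traffic-free heuristic score. The frameworks, regexes, scoring weights and the in-memory sample repository are all assumptions of the example.

```python
import json
import re
from dataclasses import dataclass

@dataclass
class Finding:
    kind: str    # api_endpoint | mcp_server | mcp_tool | mcp_config
    path: str    # file in the repository
    name: str    # route, tool or server name
    detail: str  # why it scored as it did
    score: int   # heuristic risk score; higher means review first

# Heuristic patterns for common frameworks (assumptions of this example, not a full parser):
# FastAPI/Flask decorators and Express calls; the MCP Python SDK's FastMCP() and @x.tool();
# the MCP TypeScript SDK's server.tool() / server.registerTool().
ROUTE_RE = re.compile(r'@?\w+\.(get|post|put|patch|delete|route)\(\s*["\'](/[^"\']*)["\']')
FASTMCP_RE = re.compile(r'FastMCP\(\s*["\']([^"\']+)["\']')
PY_TOOL_RE = re.compile(r'@\w+\.tool\([^)]*\)\s+(?:async\s+)?def\s+(\w+)')
TS_TOOL_RE = re.compile(r'\b\w+\.(?:tool|registerTool)\(\s*["\']([^"\']+)["\']')
DANGEROUS_NAME = re.compile(r'shell|exec|run|delete|drop|write|upload', re.I)
DANGEROUS_BODY = re.compile(r'subprocess|os\.system|\beval\(|\bexec\(|shell=True')
SENSITIVE_PATH = re.compile(r'admin|internal|debug|export', re.I)

def _flag(why: list, points: int, reason: str) -> int:
    """Record a reason and return the points it adds to the score."""
    why.append(reason)
    return points

def _scan_code(path: str, text: str) -> list:
    found = []
    for m in ROUTE_RE.finditer(text):
        method, route, why, score = m.group(1).upper(), m.group(2), [], 1
        if method in ("POST", "PUT", "PATCH", "DELETE"):
            score += _flag(why, 2, "state-changing method")
        if SENSITIVE_PATH.search(route):
            score += _flag(why, 3, "sensitive path segment")
        found.append(Finding("api_endpoint", path, f"{method} {route}", "; ".join(why) or "plain route", score))
    for m in FASTMCP_RE.finditer(text):
        found.append(Finding("mcp_server", path, m.group(1), "MCP server defined in code", 1))
    tools = sorted((m.start(), m.end(), m.group(1)) for rx in (PY_TOOL_RE, TS_TOOL_RE) for m in rx.finditer(text))
    for i, (_, end, name) in enumerate(tools):
        stop = tools[i + 1][0] if i + 1 < len(tools) else len(text)
        body = text[end:stop]  # rough function body: everything up to the next tool definition
        why, score = [], 1
        if DANGEROUS_NAME.search(name):
            score += _flag(why, 3, "tool name suggests a powerful action")
        if DANGEROUS_BODY.search(body):
            score += _flag(why, 3, "tool body reaches the OS or an interpreter")
        found.append(Finding("mcp_tool", path, name, "; ".join(why) or "looks read-only", score))
    return found

def _scan_config(path: str, text: str) -> list:
    """MCP client configs (e.g. .mcp.json) list the servers an agent will use, possibly hosted elsewhere."""
    try:
        data = json.loads(text)
    except ValueError:
        return []
    servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
    found = []
    for name, cfg in servers.items():
        why, score = [], 1
        url = cfg.get("url", "")
        if url:
            score += _flag(why, 2, "remote MCP server hosted elsewhere")
            if url.startswith("http://"):
                score += _flag(why, 3, "cleartext transport")
        launch = [cfg.get("command", "")] + list(cfg.get("args", []))
        if "npx" in launch and "-y" in launch:
            score += _flag(why, 2, "fetches an unpinned package at launch")
        found.append(Finding("mcp_config", path, name, "; ".join(why) or "local server", score))
    return found

def discover(repo: dict) -> list:
    """Walk an in-memory {path: source} tree and return findings, highest risk first."""
    findings = []
    for path, text in repo.items():
        findings += _scan_config(path, text) if path.endswith(".json") else _scan_code(path, text)
    return sorted(findings, key=lambda f: -f.score)

# Constructed sample repository (in-memory, not a real project) used as the scan input.
SAMPLE_REPO = {
    "app/server.py": '''from fastapi import FastAPI
app = FastAPI()

@app.get("/api/v1/users/{user_id}")
def get_user(user_id: int):
    return {"id": user_id}

@app.post("/internal/admin/export")
def export_all():
    return dump_everything()
''',
    "agent/tools.py": '''from mcp.server.fastmcp import FastMCP
mcp = FastMCP("ops-agent")

@mcp.tool()
def run_shell(cmd: str) -> str:
    import subprocess
    return subprocess.check_output(cmd, shell=True).decode()

@mcp.tool()
def lookup_ticket(ticket_id: str) -> dict:
    return {"id": ticket_id}
''',
    ".mcp.json": json.dumps({"mcpServers": {
        "billing": {"url": "http://mcp.billing.internal/sse"},
        "docs": {"command": "npx", "args": ["-y", "@example/docs-mcp"]}}}),
}

if __name__ == "__main__":
    for f in discover(SAMPLE_REPO):
        print(f"{f.score:2d} {f.kind:13s} {f.path:16s} {f.name}: {f.detail}")
```

Run against the sample tree, the shell-executing MCP tool ranks first, ahead of the state-changing admin route and the MCP server reached over cleartext HTTP; a real scanner would walk a checkout with `os.walk`, add parsers for the frameworks the organisation actually uses, and feed the results into the same risk model as runtime findings, which is the point the paragraph makes.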

The post Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories appeared first on IT Security Guru.

KnowBe4 merges training content to create Studios

18 November 2025 at 10:38

KnowBe4’s award-winning training content has now merged together under one umbrella, branded as KnowBe4 Studios. It will feature AI-forward training, fresh content, interactive games and expanded storytelling for an enhanced, immersive experience. KnowBe4’s content is among the highest rated in the industry, with an average rating of 4.6 out of 5 based on reviews from over 100 million learners globally. KnowBe4 brings 15 years of user behaviour data and training preferences to shape the new KnowBe4 Studios.

“This is the next evolution of our global team to continue to raise the standard of the most engaging security and compliance training in the market,” said John Just, chief learning officer, KnowBe4. “With KnowBe4 Studios, customers can anticipate even more high-quality content that they expect to see from KnowBe4.”

“The knowledge that users gain from the training and additional resources will carry with our students beyond their time here at Bridgewater State University and help keep them aware and safe of future scams,” said Tina Rebello, information security analyst, Bridgewater State University ResNet team. “KnowBe4 has a lot of really great features. Their shorter scenarios help keep the user’s attention and help make the training more effective. I also love the individual modules, which are interactive and emulate realistic scenarios.”

One example of KnowBe4’s training is the blockbuster, riveting, network-quality video series called The Inside Man. The exclusive series delivers an entertaining, movie-like experience with a compelling story that engages users and creates fans. The Inside Man has won numerous awards, including a Silver Telly and several NYX Video Awards.

See a preview of how KnowBe4 Studios will appear in training videos. These new updates will be reflected in the KnowBe4 training modules soon.

The post KnowBe4 merges training content to create Studios appeared first on IT Security Guru.

The Quantum Future Is Coming – Hackers Are Already Preparing

18 November 2025 at 09:45

In 2025 we’re not just fighting today’s headline-grabbing cyber threats, but we’re also preparing for tomorrow’s. Technology is evolving at a pace that is both fuelling progress for defenders and powering new tools for bad actors. The same advances that drive discovery and innovation also give cybercriminals new ways to attack faster, more broadly and with greater impact. One of the clearest examples of this dual advancement is quantum computing: a breakthrough that could change the world for good, but also put the very foundations of online security at risk.

What is Quantum Computing?

Quantum computing is an emerging technology that processes information in ways classical computers cannot. It does not simply try every answer at once, as is often said; rather, quantum algorithms use superposition and interference so that certain specific problems, integer factoring and discrete logarithms among them, can be solved with exponentially fewer steps than any known classical method (Shor’s algorithm).

That power has tremendous upside, potentially accelerating breakthroughs in medicine, science and engineering, but it also creates a profound security challenge. A sufficiently large, error-corrected quantum computer will be able to break the public-key cryptography in use today, including RSA and Elliptic Curve Cryptography (ECC), because both rely on exactly the problems Shor’s algorithm solves. Symmetric ciphers such as AES and hash functions are only weakened, not broken: Grover’s algorithm roughly halves their effective security level, so AES-256 remains comfortable while AES-128 becomes marginal. The public-key algorithms aren’t niche tools: they secure almost everything online. From the HTTPS connections that protect your browsing to digital signatures on software, as well as online banking, healthcare systems, government platforms and consumer accounts, encryption is the trust layer of the internet.

And most of it is not quantum-resistant. The U.S. National Institute of Standards and Technology (NIST) published its first post-quantum standards in August 2024: FIPS 203 (ML-KEM, derived from Kyber) for key establishment, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures. Deployment is still in its early stages, however, which means the logins and records you create today could be tomorrow’s open doors.

Large-scale quantum computers aren’t publicly available yet, but waiting for them to arrive is a mistake. Cybercriminals aren’t waiting – many have already started preparing.

The “Harvest Now, Decrypt Later” Threat

Hackers understand that quantum power is coming, and they’re planning ahead. Their strategy is simple: steal encrypted data now, knowing they’ll be able to decrypt it later. This “harvest now, decrypt later” approach means that stolen banking details, medical records or login credentials, which are protected currently with strong encryption, could be cracked years down the road – long after the original breach is forgotten.

Weak security practices make this problem worse. Keeper Security research shows that only 30% of people regularly update their passwords, leaving 70% exposed. Even more concerning, 41% reuse the same passwords across accounts, creating an easy opening for credential-stuffing attacks, where one stolen password is used to break into multiple accounts. These everyday habits give cybercriminals exactly the weaknesses they can exploit – whether now or in the quantum era.

Start Preparing Today for the Quantum Shift

The best way to defend against tomorrow’s quantum-enabled attacks is to act now. Leading organisations are already evaluating, developing and deploying quantum-resistant encryption, including NIST-standardised algorithms such as ML-KEM (Kyber), often in hybrid mode alongside a classical key exchange so that the connection stays secure if either half turns out to be flawed, to build in future-ready protections.

Individuals and businesses alike can prepare by taking proactive steps:

  • Stay aligned with standards: Be sure to stay up-to-date on official guidelines and standards. Organisations should follow trusted guidance from NIST and the Cybersecurity and Infrastructure Security Agency (CISA).
  • Update and patch regularly: You don’t need to track every technical update, but you should ensure the tools and providers you utilise are up to date with the latest security standards. Ensuring that products are regularly updated is critical, as patches often contain critical security fixes to keep your information secure.
  • Vet your providers: Don’t just trust that a product is secure – verify it. Use products that meet and surpass compliance requirements, especially those that are looking to the future. When selecting a product for yourself or your organisation, vet it thoroughly against standards that are relevant to your needs.
  • Reinforce best practices: As always, following existing best practices is the best way to protect yourself now and later. Use strong, unique passwords, and change any password that may have been exposed; current NIST guidance (SP 800-63B) favours rotating on evidence of compromise rather than on a fixed schedule. The easiest way to manage them is with a trusted password manager, which generates strong passwords and stores them securely. Store sensitive information in secure, encrypted environments, not browsers, shared documents or sticky notes.
  • Monitor for exposure: Every minute counts when your information is stolen. Organisations and individuals should use monitoring services that can alert them if their data appears on the dark web, so they can take immediate action.

And don’t abandon today’s encryption. Current standards remain highly effective and are essential to protecting your data today. The challenge is preparing for a post-quantum future while continuing to safeguard the world we live in right now.
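The “harvest now, decrypt later” threat and the preparation list above both turn on one question per system: will the protected data still matter when a quantum computer arrives, and can the algorithm be swapped out before then? The block below is an added example, not part of the original article and not code from any vendor it names. It applies Mosca’s inequality (confidentiality is exposed when shelf life X plus migration time Y exceeds the years Z until a cryptographically relevant quantum computer) to a constructed inventory, classifying each algorithm as Shor-broken, Grover-weakened or quantum-safe. The CRQC horizon year, the inventory entries and the scoring thresholds are assumptions of the example, not predictions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Planning parameters for this example. CRQC_YEAR is a hypothetical horizon for a
# cryptographically relevant quantum computer, not a prediction; set it from your own risk appetite.
CURRENT_YEAR = 2025
CRQC_YEAR = 2035

# Public-key algorithms that Shor's algorithm breaks outright.
SHOR_BROKEN = {"RSA", "DH", "DSA", "ECDH", "ECDSA", "X25519", "ED25519"}
# NIST post-quantum standards (FIPS 203/204/205, August 2024) plus their pre-standard names.
PQ_SAFE = {"ML-KEM", "KYBER", "ML-DSA", "DILITHIUM", "SLH-DSA", "SPHINCS+"}
# Symmetric ciphers and hashes are only weakened by Grover's algorithm (security level roughly halved).
SYMMETRIC = {"AES", "CHACHA20", "SHA-256", "SHA-384", "SHA-512", "SHA3-256"}


@dataclass
class Asset:
    name: str
    algorithm: str
    key_bits: int           # key length, or digest length for a hash
    purpose: str            # "confidentiality" (key exchange, data at rest), "signature" or "integrity"
    shelf_life_years: int   # X: how long the data must stay secret (ignored for signatures)
    migration_years: int    # Y: estimated time to replace the algorithm in this system


def quantum_category(algorithm: str, key_bits: int) -> tuple[str, int]:
    """Return (category, effective security bits once a CRQC exists)."""
    alg = algorithm.upper()
    if alg in SHOR_BROKEN:
        return "broken", 0
    if alg in PQ_SAFE:
        return "quantum-safe", key_bits
    if alg in SYMMETRIC:
        return "weakened", key_bits // 2
    return "unknown", 0


def mosca_exposed(asset: Asset, current_year: int = CURRENT_YEAR, crqc_year: int = CRQC_YEAR) -> bool:
    """Mosca's inequality: confidentiality is at risk when X + Y > Z, Z being the years until a CRQC.
    Ciphertext harvested today can be decrypted once a CRQC exists, so the shelf life counts in full.
    Signatures cannot be forged retroactively, so only the migration time Y must fit inside Z."""
    z = crqc_year - current_year
    if asset.purpose == "signature":
        return asset.migration_years > z
    return asset.shelf_life_years + asset.migration_years > z


def triage(assets: list[Asset], current_year: int = CURRENT_YEAR, crqc_year: int = CRQC_YEAR) -> list[dict]:
    """Rank an inventory: at-risk items first, weakest effective strength first within each group."""
    rows = []
    for a in assets:
        category, effective_bits = quantum_category(a.algorithm, a.key_bits)
        if category == "broken":
            at_risk = mosca_exposed(a, current_year, crqc_year)
            action = "replace with ML-KEM/ML-DSA now" if at_risk else "schedule migration before the horizon"
        elif category == "weakened":
            at_risk = effective_bits < 128   # assumed floor: 128 bits of post-quantum strength
            action = "move to 256-bit keys" if at_risk else "adequate"
        elif category == "quantum-safe":
            at_risk, action = False, "none"
        else:
            at_risk, action = True, "unknown algorithm: identify it first"
        rows.append({"name": a.name, "category": category, "effective_bits": effective_bits,
                     "at_risk": at_risk, "action": action})
    rows.sort(key=lambda r: (not r["at_risk"], r["effective_bits"]))
    return rows


# Constructed inventory for demonstration; the systems and figures are invented.
SAMPLE_INVENTORY = [
    Asset("site-to-site VPN key exchange", "X25519", 256, "confidentiality", 10, 2),
    Asset("backup archive encryption", "AES", 128, "confidentiality", 7, 1),
    Asset("firmware code signing", "RSA", 3072, "signature", 0, 4),
    Asset("internal TLS with hybrid KEM", "ML-KEM", 768, "confidentiality", 10, 0),
    Asset("audit log integrity hash", "SHA-256", 256, "integrity", 10, 1),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        flag = "AT RISK" if row["at_risk"] else "ok     "
        print(f'{flag} {row["name"]}: {row["category"]} -> {row["action"]}')
```

Two things the output makes visible that the prose alone does not: the VPN key exchange is at risk even though X25519 is unbroken today, because its traffic can be recorded now and the data must stay secret beyond the horizon; the RSA code-signing key is not, because an attacker needs a working quantum computer at the moment of forging, so it only has to be replaced before that date.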

Moving Into a Post-Quantum World

Quantum computing and its implications may sound daunting, but the path forward is clear. Strong, proactive measures taken today will help ensure a safer tomorrow.

This Cybersecurity Awareness Month, let’s recognise that preparing for the future is as important as defending against present threats. By reinforcing best practices, demanding future-proof tools and supporting the shift to quantum-resistant encryption, we can secure not only today’s digital world, but the post-quantum world we are heading toward.

The post The Quantum Future Is Coming – Hackers Are Already Preparing appeared first on IT Security Guru.

The Increase In Adoption Of Video Surveillance-As-A-Service

12 November 2025 at 01:52

The development of intelligently integrated, cloud-based management solutions has been a rising trend across major industries for many years. By centralising the collection, analysis and organisation of actionable data within remote-accessible, unified environments, leaders can streamline a wide variety of core processes and positively impact productivity metrics.

These fundamental benefits underline the popularity of X-as-a-Service (XaaS) business models, with around 55% of IT professionals believed to have invested in one or more of these services in recent years. While many businesses may already be well-acquainted with some iterations of XaaS, subscription-based video security plans are a more recent trend.

Reports indicate the Video Surveillance-as-a-Service (VSaaS) market will grow at a CAGR of 18.5% between now and 2028, suggesting many business leaders are at least interested in the potential benefits of VSaaS plans. But is this approach to commercial security really more effective than traditional native video security operations? In some cases, it might be.

What Is Video Surveillance-As-A-Service?

At its core, Video Surveillance-as-a-Service offers businesses the ability to store, access and manage surveillance footage on a secure cloud-based server. The main advantage of such solutions is that internal teams can freely access live and historic surveillance data from any location and at any time. This provides businesses great flexibility in security management.

Business video surveillance usually includes additional security features and integrations, including automated video recording, real-time alerts, cybersecurity tools and integrations with security alarm systems. In essence, if a business requires a flexible approach to commercial security, and lacks the resources to develop native management platforms, VSaaS can be a great solution.

How Does VSaaS Work?

In operation, VSaaS plans work similarly to subscription-based cloud data storage solutions. Cameras installed on the property are linked to an off-site cloud storage and management platform, removing the need for on-premises physical storage devices. Data is streamed to the provider for reporting and monitoring, with internal teams able to access feeds remotely.

VSaaS vendors also handle maintenance, management and software updates, so the security system is patched on the provider’s cadence rather than the customer’s. That closes a common gap in on-premises deployments, though it makes the provider’s patch turnaround and the security of the remote-access path (strong authentication, least-privilege viewer accounts) part of the due diligence. Additionally, the cloud-based foundation of VSaaS packages allows for simple scalability, enabling SMEs to expand or reduce operations in line with evolving requirements.

Factors Influencing The Growth Of VSaaS

The growing demand for VSaaS solutions can be directly linked to the increasing adoption of cloud-based services across commercial enterprises as a whole. Data suggests as many as 94% of all organisations on a global scale currently use some form of cloud software, a 14% increase when compared to figures published in 2020. While adoption rates may have been influenced to some extent by the pandemic, leaders remain committed to cloud technologies.

It’s believed large enterprises aspire to move around 60% of their commercial environments to the cloud by 2025. For many, this will likely include existing commercial security solutions. This rising demand for cloud services has not gone unnoticed by providers, with companies like Google and Amazon developing novel cloud zones and infrastructure across the globe.

Entertaining a switch to VSaaS also aligns with many organisations’ needs for cost-efficient and scalable essential services among economic uncertainty. With no requirement to create expensive on-site servers and management systems, and the ability to scale operations as and when needed, VSaaS affords many leaders the flexibility they require in modern times.

The Benefits Of VSaaS For SMEs

The transition from traditional on-premises security management systems to novel VSaaS solutions can bring a number of significant benefits to organisations of all sizes. For SMEs, VSaaS plans may be entertained to reduce workloads shouldered by limited internal teams.

When broken down, the key benefits of VSaaS for SMEs include:

  • Optimised data storage – Surveillance systems collect vast amounts of data on a continuous basis, the organisation and management of which can be incredibly time and resource intensive. VSaaS solutions ensure these tasks are performed to a high standard by the service provider, reducing workloads for internal management teams
  • Streamlined compliance – Navigating strict data privacy and security management regulations requires constant vigilance from knowledgeable professionals. Under a VSaaS deployment, service providers will ensure all systems maintain HIPAA, FIPS and NDAA compliance, suggesting adjustments if guidelines are expected to change
  • Simple scalability – Taking on the expense of developing on-premises surveillance management solutions may be unwise for SMEs planning to scale, with adjustments made to physical systems incurring costs and avoidable downtime. VSaaS solutions can instead be adjusted by providers in direct response to changing business needs
  • Remote accessibility – With all surveillance and wider security data automatically stored, managed and made available on a cloud-based platform, stakeholders can access required information from anywhere and at any time. Teams can monitor live security feeds 24/7 from any secure smart device to ensure continuous protection

Physical security will likely always remain a top priority for any business operating out of a physical location. The ability to both monitor key locations and review historical security data forms the backbone of commercial security best practices. However, developing, maintaining and adjusting on-premises security solutions can be incredibly costly and time-consuming.

With many leaders continuing to explore the development of cloud-based business solutions, it’s only natural that security operations have been considered for migration. With the ability to streamline the management, operation and scalability of essential surveillance solutions, VSaaS deployments are only expected to become more popular among global businesses.

The post The Increase In Adoption Of Video Surveillance-As-A-Service appeared first on IT Security Guru.
