XRP Price On The Verge Of Another Crash, But There’s Still Hope

Crypto analyst CryptoInsight has indicated that the XRP price is on the verge of another crash, with a potential drop below the psychological $2 level. The analyst also revealed the level that the altcoin needs to reclaim to invalidate this bearish outlook. 

XRP Price Risks Crash To Another Low

In an X post, CryptoInsight suggested that the XRP price could crash to a new low. This came as the analyst noted that on the lower time frame, the altcoin has made a higher low after bouncing from range lows. However, it has yet to make a higher high, which provides a bearish outlook. 

The analyst further remarked that until the XRP price makes a higher high, there is likely to be more chop while questioning the possibility of another low revisit. He indicated that XRP will need to break the descending triangle and through the $2.30 level before a reversal can be on the cards. 

However, CryptoInsight is still bullish on the XRP price in the long term. He noted that the higher-time-frame structure is still well and truly intact. The analyst added that the altcoin is holding the yearly range lows as support, which is also the previous 7-year resistance. In line with this, he declared that it is inevitable that XRP records a new all-time high (ATH) in the near future based on liquidity alone. 

Meanwhile, the analyst remarked that he is uncertain whether the XRP price will wick out to the bottom first to regain momentum. Overall, he remains bullish on XRP. Crypto analyst CasiTrades had stated that XRP might need to record one last low before it reverses and rallies to new highs. She highlighted $1.80 and $1.64 as areas that XRP could bottom at. 

XRP Likely To Retest $2.04 With Two Likely Scenarios

In her latest X post, CasiTrades stated that the XRP price is likely heading to retest the macro .5 Fib at $2.04. She noted that this level has been the most important one in the entire correction. Based on this, she outlined two scenarios that could play out if the altcoin drops to that level. The analyst described the first scenario as the bullish new trend. 

Under this scenario, if $2.04 holds as support, the XRP price could break above the $2.41 resistance and push toward $2.65, confirming a new bullish wave structure is forming. CasiTrades remarked that this potential move would strongly suggest that the macro low is already in, with the altcoin eyeing new highs between $7 and $10. 

Meanwhile, the second scenario is a bearish .618 support test. If the XRP price fails to hold $2.04, CasiTrades predicts that it would likely head toward $1.64, completing the full macro .618 retracement before launching into the macro Wave 3. 

At the time of writing, the XRP price is trading at around $2.08, down over 4% in the last 24 hours, according to data from CoinMarketCap.

What your firewall sees that your EDR doesn’t

The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers.

Unlike many other APT groups, Librarian Ghouls does not rely on custom malware. Instead, they exploit legitimate third-party tools such as remote access software, archivers and SMTP utilities to craft near-perfect phishing campaigns, including password-protected files and polymorphic malware that adapts in real time. These tactics allow the attackers to slip past traditional detection controls almost unnoticed.

This incident is part of a broader and growing challenge: when cybersecurity tools operate in silos, attackers exploit the gaps between them. Endpoint detection and response (EDR), firewalls, and authentication systems each play an important role, but without integration, they offer only partial visibility.

An EDR solution, for example, may overlook legitimate administrative tools if they do not exhibit overtly malicious behaviour. A firewall will flag anomalous outbound connections but often lacks the context to determine the originating user or endpoint. Authentication logs may capture a series of valid logins without recognising a lateral movement pattern.

The lesson from this is clear – integrated visibility across security layers is critical. Correlating signals from multiple tools is essential to detect complex, multi-stage attacks that no single solution can fully uncover on its own. Without this unified perspective, organisations risk missing the bigger picture until it’s too late.
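The correlation described above can be sketched as a join across the three log sources. This is an added example, not code from the article or any vendor: the log records, host names, process names, internal address range and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample telemetry (not real logs). Each source alone looks benign.
AUTH = [  # (time, user, source host, destination host, result)
    ("2025-03-04T09:01:10", "j.petrov", "ws-114", "fs-01", "success"),
    ("2025-03-04T09:03:42", "j.petrov", "fs-01", "cad-07", "success"),
    ("2025-03-04T09:06:05", "j.petrov", "cad-07", "lab-22", "success"),
    ("2025-03-04T09:15:00", "a.ivanova", "ws-201", "fs-01", "success"),
]
EDR = [  # (time, host, process, EDR verdict) - legitimate tools, nothing flagged
    ("2025-03-04T09:07:30", "lab-22", "archiver.exe", "clean"),
    ("2025-03-04T09:08:10", "lab-22", "smtp-client.exe", "clean"),
    ("2025-03-04T09:20:00", "ws-201", "archiver.exe", "clean"),
]
FIREWALL = [  # (time, source IP, destination IP, destination port, action)
    ("2025-03-04T09:08:15", "10.0.5.22", "203.0.113.50", 587, "allow"),
    ("2025-03-04T09:21:00", "10.0.3.201", "10.0.1.10", 445, "allow"),
]
ASSETS = {"ws-114": "10.0.3.114", "fs-01": "10.0.1.10", "cad-07": "10.0.4.7",
          "lab-22": "10.0.5.22", "ws-201": "10.0.3.201"}
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal range
DUAL_USE = {"archiver.exe", "smtp-client.exe", "remote-access.exe"}  # assumed watchlist


def ts(value):
    return datetime.fromisoformat(value)


def login_chains(auth, window=timedelta(minutes=15), min_hosts=3):
    """Users whose valid logins reach >= min_hosts distinct hosts inside one window."""
    by_user = defaultdict(list)
    for when, user, _src, dst, result in auth:
        if result == "success":
            by_user[user].append((ts(when), dst))
    chains = {}
    for user, events in by_user.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            hosts = []
            for when, dst in events[i:]:
                if when - start > window:
                    break
                if dst not in hosts:
                    hosts.append(dst)
            if len(hosts) >= min_hosts:
                chains[user] = {"start": start, "hosts": hosts}
                break
    return chains


def correlate(auth, edr, firewall, assets, follow=timedelta(minutes=30)):
    """Attach EDR and firewall events to each login chain and grade the combination."""
    ip_to_host = {ip: host for host, ip in assets.items()}
    findings = []
    for user, chain in login_chains(auth).items():
        start, end = chain["start"], chain["start"] + follow
        touched = set(chain["hosts"])
        # EDR view: dual-use tools on the hosts this account just reached.
        tools = [(host, proc) for when, host, proc, _verdict in edr
                 if host in touched and proc in DUAL_USE and start <= ts(when) <= end]
        # Firewall view: allowed egress from those hosts, now attributed to a user.
        egress = [(ip_to_host[src], dst, port)
                  for when, src, dst, port, action in firewall
                  if ip_to_host.get(src) in touched and action == "allow"
                  and ip_address(dst) not in INTERNAL and start <= ts(when) <= end]
        signals = 1 + bool(tools) + bool(egress)
        findings.append({"user": user, "hosts": chain["hosts"], "tools": tools,
                         "egress": egress,
                         "severity": {1: "low", 2: "medium", 3: "high"}[signals]})
    return findings


if __name__ == "__main__":
    for finding in correlate(AUTH, EDR, FIREWALL, ASSETS):
        print(finding)
```

Only the joined view yields a high-severity finding: the authentication log supplies the user, the EDR log the tools, and the firewall log the external destination.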

With multiple security solutions generating alerts, many organisations operate with a false sense of security. Without integration, security is fragmented, leaving gaps for sophisticated attacks to exploit, sometimes for weeks or months.

 

How to protect against threats that evade detection

Organisations need a unified view of their environment and the ability to respond in real time. This is where Managed Detection and Response (MDR) comes in. MDR combines advanced threat detection, analytics and human expertise to monitor, investigate, and respond to threats 24/7. Unlike traditional tools working in isolation, MDR correlates signals across endpoints, networks, cloud environments, and identity systems, enabling faster and more accurate detection of suspicious activity.

A strategic MDR approach gives organisations the ability to detect and respond to threats with a level of speed and accuracy that isolated tools cannot match. Firewalls might block unusual connections and EDRs may spot anomalous behaviour, but when these signals operate independently, critical patterns can be missed. MDR leverages AI and automation to connect these disparate alerts, allowing real threats to be identified within minutes. It is effective even when attackers deliberately blend their activity with normal operations.

Once a genuine threat is detected, the speed of response is essential. By providing a unified view across network, endpoint and identity layers, MDR accelerates investigations, reduces operational disruption and helps maintain business continuity while protecting an organisation’s reputation. At the same time, AI-driven correlation filters out noise and false positives, highlighting only the most relevant alerts and providing the context security teams need to act decisively. This focus is particularly valuable in resource-constrained environments, where every second counts and alert fatigue can undermine effectiveness.

The Librarian Ghouls’ breach demonstrated that attackers could circumvent defences when solutions are uncoordinated. It’s like trying to find a needle in a haystack. MDR addresses this challenge by correlating disparate signals, filtering false positives and providing a unified view of infrastructure. By doing this, it amplifies the value of each security layer. EDRs gain the context to identify anomalies, firewalls better interpret network connections and identity systems more accurately flag suspicious access.

The post What your firewall sees that your EDR doesn’t appeared first on IT Security Guru.

Bridewell CEO gives cyber predictions for 2026

As global economic pressures increase and budgets across both public and private sectors are cut, Anthony Young, CEO at Bridewell, a company that provides cybersecurity services to CNI organisations, is warning of a critical inflection point for 2026, where organisations are facing more cyber threats with fewer resources to defend against them.

According to Young, the cumulative effect of years of belt-tightening across cybersecurity teams and agencies is beginning to surface in major breaches and systemic failures. “Many organisations have been forced to delay modernisation, freeze hiring and reduce investment in defensive capabilities,” said Young. “The result is fewer defenders, slower detection, and weakened resilience, just as adversaries become more aggressive and technologically advanced.”

This year alone has already painted a stark picture. Major supply chain attacks, including a massive compromise of Oracle Cloud affecting over 140,000 tenants and the Salesloft/Drift breach, have demonstrated how underinvestment in cyber resilience can cascade across entire digital ecosystems. Even industrial sectors have been hit hard; for instance, Jaguar Land Rover’s factory shutdown following a cyberattack disrupted production for weeks and exposed the fragility of global supply chains.

Young warned that these incidents are not isolated events, but symptomatic of a deeper issue. “Unfortunately, it’s unlikely that 2025’s headline breaches are not the peak, they’re the warning signs. As we move into 2026, the legacy of these cuts will continue to degrade organisations’ defensive posture. We’ll likely see fewer, but far more impactful, attacks focused on shared platforms, third-party suppliers and critical infrastructure.”

He also acknowledged the societal aspect of the problem at large. Alongside highly coordinated campaigns by criminal and state-backed groups, Bridewell has observed a sharp rise in so-called ‘casual’ cyber aggression. Increasingly, attacks are being launched by loosely connected individuals, often teenagers, using freely available tools or AI-assisted exploit kits.

“This new wave of attackers doesn’t always fit the traditional profile,” explained Young. “We’re seeing a generation that grew up online, with access to open-source data, leaked credentials and automated tools that make disruption easy. What’s changed is the lack of deterrence. In online communities, the reputational rewards of causing chaos often outweigh the perceived risk by these individuals of getting caught.”

Bridewell believes this blend of economic strain, social disaffection and accessible hacking technology is fuelling a dangerous convergence. With reduced resources for defenders and a surge in opportunistic threat actors, organisations face a double blow between complex, targeted attacks on one hand and erratic, highly visible disruptions on the other.

“Cybersecurity is now facing the same kind of social and economic pressures that drive crime in the physical world,” said Young. “When times get tough and oversight weakens, the barrier to entry for malicious activity falls. If we continue underinvesting in resilience and accountability, we risk normalising cyber aggression as a form of expression or protest.”

Looking ahead to 2026, Bridewell predicts that cyber incidents will become less frequent but far more destructive, with greater operational, reputational and regulatory fallout for unprepared organisations. To mitigate this, Young stressed that technical measures must be matched with broader efforts to rebuild digital accountability, shared defence mechanisms and societal norms around online harm.

The post Bridewell CEO gives cyber predictions for 2026 appeared first on IT Security Guru.

The Quantum Future Is Coming – Hackers Are Already Preparing

In 2025 we’re not just fighting today’s headline-grabbing cyber threats, but we’re also preparing for tomorrow’s. Technology is evolving at a pace that is both fuelling progress for defenders and powering new tools for bad actors. The same advances that drive discovery and innovation also give cybercriminals new ways to attack faster, more broadly and with greater impact. One of the clearest examples of this dual advancement is quantum computing: a breakthrough that could change the world for good, but also put the very foundations of online security at risk.

What is Quantum Computing?

Quantum computing is an emerging technology that processes information in ways traditional computers never could. Instead of working through one calculation at a time, quantum machines harness the principles of quantum mechanics to evaluate countless possibilities simultaneously.

That power has tremendous upside – potentially accelerating breakthroughs in medicine, science and engineering – but also creating a profound security challenge. Once fully realised, quantum computers will be able to break the public-key cryptography in use today, including RSA and Elliptic Curve Cryptography (ECC). These aren’t niche tools: they secure almost everything online. From the HTTPS connections that protect your browsing to digital signatures on software, as well as online banking, healthcare systems, government platforms and consumer accounts – encryption is the trust layer of the internet.

And most of it is not quantum-resistant. While the U.S. National Institute of Standards and Technology (NIST) has begun standardising quantum-safe encryption algorithms, including Kyber, they are not yet widely deployed. That means the logins and records you create today could be tomorrow’s open doors.

Large-scale quantum computers aren’t publicly available yet, but waiting for them to arrive is a mistake. Cybercriminals aren’t waiting – many have already started preparing.

The “Harvest Now, Decrypt Later” Threat

Hackers understand that quantum power is coming, and they’re planning ahead. Their strategy is simple: steal encrypted data now, knowing they’ll be able to decrypt it later. This “harvest now, decrypt later” approach means that stolen banking details, medical records or login credentials, which are protected currently with strong encryption, could be cracked years down the road – long after the original breach is forgotten.

Weak security practices make this problem worse. Keeper Security research shows that only 30% of people regularly update their passwords, leaving 70% exposed. Even more concerning, 41% reuse the same passwords across accounts, creating an easy opening for credential-stuffing attacks, where one stolen password is used to break into multiple accounts. These everyday habits give cybercriminals exactly the weaknesses they can exploit – whether now or in the quantum era.

Start Preparing Today for the Quantum Shift

The best way to defend against tomorrow’s quantum-enabled attacks is to act now. Leading organisations are already evaluating, developing and deploying quantum-resistant encryption, including NIST-approved algorithms like Kyber, to build in future-ready protections.

Individuals and businesses alike can prepare by taking proactive steps:

  • Stay aligned with standards: Be sure to stay up-to-date on official guidelines and standards. Organisations should follow trusted guidance from NIST and the Cybersecurity and Infrastructure Security Agency (CISA).
  • Update and patch regularly: You don’t need to track every technical update, but you should ensure the tools and providers you utilise are up to date with the latest security standards. Ensuring that products are regularly updated is critical, as patches often contain critical security fixes to keep your information secure.
  • Vet your providers: Don’t just trust that a product is secure – verify it. Use products that meet and surpass compliance requirements, especially those that are looking to the future. When selecting a product for yourself or your organisation, vet it thoroughly against standards that are relevant to your needs.
  • Reinforce best practices: As always, following existing best practices is the best way to protect yourself now and later. Use strong, unique passwords and change them regularly to defend against both current and future attack methods. The easiest way to manage them is with a trusted password manager, which generates strong passwords and stores them securely. Store sensitive information in secure, encrypted environments – not browsers, shared documents or sticky notes.
  • Monitor for exposure: Every minute counts when your information is stolen. Organisations and individuals should use monitoring services that can alert them if their data appears on the dark web, so they can take immediate action.

And don’t abandon today’s encryption. Current standards remain highly effective and are essential to protecting your data today. The challenge is preparing for a post-quantum future while continuing to safeguard the world we live in right now.

Moving Into a Post-Quantum World

Quantum computing and its implications may sound daunting, but the path forward is clear. Strong, proactive measures taken today will help ensure a safer tomorrow.

This Cybersecurity Awareness Month, let’s recognise that preparing for the future is as important as defending against present threats. By reinforcing best practices, demanding future-proof tools and supporting the shift to quantum-resistant encryption, we can secure not only today’s digital world, but the post-quantum world we are heading toward.

The post The Quantum Future Is Coming – Hackers Are Already Preparing appeared first on IT Security Guru.

Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks

The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. This powerful new phishing kit, which KnowBe4 have named ‘Quantum Route Redirect’, was initially discovered in early August. Quantum Route Redirect comes with a pre-configured setup and phishing domains that significantly simplify a once technically complex campaign flow, further “democratising” phishing for less skilled cybercriminals. It is thought to primarily target Microsoft 365 users.

Removing Barriers of Entry

Quantum Route Redirect bundles several capabilities that remove technical barriers to running a sophisticated phishing campaign: it uses behavioural detection to distinguish automatically between human and automated traffic, and intelligent routing to sort visitors without manual intervention. It also provides a simplified analytics dashboard that presents comprehensive victim data – including location, device type and browser information – in an intuitive format. The platform also includes real-time monitoring that displays campaign performance and success metrics, so operators need no specialised technical expertise.

According to KnowBe4, the Phishing-as-a-Service (PhaaS) platform is capable of distinguishing between security tools and genuine users, directing the former to legitimate websites while sending the latter to the phishing version. This technique enables it to bypass URL scanners and certain web application firewalls. The platform also includes user-friendly features designed to support less technically skilled cybercriminals, such as a configuration panel for managing redirect rules, settings and routing logic; monitoring dashboards displaying traffic analytics; intelligent traffic routing to automatically sort visitors; and an analytics dashboard showing details such as victim location, device type and browser information.

To Carry Out An Attack

From the target’s perspective, these campaigns typically begin with a phishing email. Attackers usually cast a wide net using a range of themes and tactics designed to maximise victim engagement. These often include impersonation of services such as DocuSign and other agreement platforms, payroll-related scams, fake payment notifications, fraudulent “missed voicemail” messages, and QR code phishing (also known as quishing).

When the hyperlink is first activated, either by a security tool (bot) scanning it or by a person clicking on it, the request is intercepted by Quantum Route Redirect and sent for processing. The platform’s central routing engine then analyses all incoming traffic, using behavioural analysis to distinguish intelligently between bots and humans. Acting as both a classifier and router, the engine determines the appropriate destination for each request.

If the traffic is identified as originating from a bot, it is redirected to a safe URL, preventing access to the real phishing site. This protects the malicious infrastructure from exposure by security scanners and increases the likelihood that a genuine user will interact with the email, unless it is blocked by other detection mechanisms. Conversely, if the visitor is recognised as human, they are redirected to the actual phishing website, where attackers attempt to harvest Microsoft 365 credentials.
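Because scanners and users are routed to different destinations, the divergence itself can be detected by comparing what the URL scanner reached with what users' browsers reached for the same link. The following is an added example, not KnowBe4's tooling: the record formats, placeholder domains, title heuristic and sign-in allowlist are assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed records. Domains ending in .example/.test are placeholders.
SCANNER_VERDICTS = [  # where the mail gateway's URL scanner ended up
    {"url": "https://docs-share.example/r/8f2a",
     "final": "https://www.example.org/", "verdict": "clean"},
    {"url": "https://newsletter.example/oct",
     "final": "https://newsletter.example/oct/index.html", "verdict": "clean"},
    {"url": "https://shop.example/sale",
     "final": "https://shop.example/sale", "verdict": "clean"},
]
PROXY_CLICKS = [  # where users' browsers ended up, taken from web-proxy logs
    {"user": "amy", "url": "https://docs-share.example/r/8f2a",
     "final": "https://m365-signin.test/login", "page_title": "Sign in to your account"},
    {"user": "raj", "url": "https://docs-share.example/r/8f2a",
     "final": "https://m365-signin.test/login", "page_title": "Sign in to your account"},
    {"user": "lee", "url": "https://newsletter.example/oct",
     "final": "https://newsletter.example/oct/index.html", "page_title": "October news"},
    {"user": "kim", "url": "https://shop.example/sale",
     "final": "https://eu.shop.example/sale", "page_title": "Autumn sale"},
]

LEGIT_SIGNIN_HOSTS = {"login.microsoftonline.com"}  # assumed allowlist; extend per tenant
SIGNIN_TITLE_HINTS = ("sign in to your account", "microsoft 365")  # assumed heuristic


def host(url):
    return (urlsplit(url).hostname or "").lower()


def find_cloaked_links(scanner_verdicts, proxy_clicks):
    """Flag links the scanner passed as clean but which sent users somewhere else."""
    scanner_final = {v["url"]: host(v["final"])
                     for v in scanner_verdicts if v["verdict"] == "clean"}
    clicks_by_url = defaultdict(list)
    for click in proxy_clicks:
        clicks_by_url[click["url"]].append(click)

    findings = []
    for url, scanner_host in scanner_final.items():
        divergent = [c for c in clicks_by_url.get(url, [])
                     if host(c["final"]) != scanner_host]
        if not divergent:
            continue
        # A sign-in lookalike on a host outside the allowlist raises the grade;
        # plain divergence (regional mirrors, CDNs) stays a lower-priority lead.
        lookalike = [c for c in divergent
                     if any(hint in c["page_title"].lower() for hint in SIGNIN_TITLE_HINTS)
                     and host(c["final"]) not in LEGIT_SIGNIN_HOSTS]
        findings.append({
            "url": url,
            "scanner_landed_on": scanner_host,
            "users_landed_on": sorted({host(c["final"]) for c in divergent}),
            "users": sorted({c["user"] for c in divergent}),
            "severity": "credential-phish-suspect" if lookalike else "divergent-redirect",
        })
    return findings


if __name__ == "__main__":
    for finding in find_cloaked_links(SCANNER_VERDICTS, PROXY_CLICKS):
        print(finding)
```

The `users` list in each finding is the set of accounts to review for compromise during incident response.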

The Quantum Route Redirect system also provides administrative access for the cybercriminals operating these campaigns, featuring two streamlined management interfaces: a configuration panel for managing redirect rules, settings and routing logic, and a visitor statistics dashboard offering analytics such as traffic data to assess campaign performance.

Global Impact

This campaign has successfully compromised victims across 90 countries, demonstrating remarkable international reach. The US has borne the brunt of the attacks so far, accounting for 76% of affected users, while the remaining 24% are distributed worldwide, making the scope of this threat truly global.

What Should Organisations Do?

KnowBe4 advised security teams to implement a multi-layered defence strategy that incorporates a range of protective measures. These include using natural language processing (NLP) and natural language understanding to analyse email content, alongside URL and payload analysis, domain and impersonation detection, and polymorphic detection techniques. Sandboxing can be employed to inspect suspicious emails, while continuous monitoring helps identify potential account compromise. A human risk management (HRM) platform with advanced behavioural analytics, product telemetry and threat intelligence can generate individual risk scores, enabling personalised user training. In addition, email threat intelligence should be used to inform company-wide education initiatives, supported by rapid incident response procedures designed to isolate compromised users, block access and conduct digital forensics.

The post Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks appeared first on IT Security Guru.

Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds

A new research report from Nagomi Security has revealed that, over the past six months, nearly three quarters (73%) of US CISOs have reported a significant cyber incident. The 2025 CISO Pressure Index emphasises how continuous widespread breaches and rising internal strain are reshaping the Chief Information Security Officer (CISO) role.

Nagomi’s 2025 CISO Pressure Index is based on a quantitative survey of 100 US-based CISOs across major industries.

Interestingly, the most consistent pressure isn’t coming from attackers, it’s coming from inside the organisation. According to the data, 87% of CISOs say pressure in their role has increased over the past year. Two-thirds report feeling burned out weekly or daily, and 40% considered leaving their role altogether.

Board expectations, shrinking resources, and tool fatigue are also factors causing additional strain. Notably, 42% of CISOs say expectations from boards and executives are now their greatest source of stress, more than the threats themselves. Most oversee sprawling tool stacks, with 65% managing 20 or more security tools, yet 58% say incidents occurred even though those tools were in place.

What’s more, CISOs face personal accountability when it comes to breaches. Worryingly, 17% say they always feel personally blamed for security incidents, regardless of root cause, and 39% say they often feel blamed – even when incidents fall outside their direct control. If a breach were to occur, 90% say their role may be at risk to some degree. Such pressured environments create the perfect place for burnout to thrive.

We know that AI has introduced new security risks and challenges, but the report notes that it’s also becoming a cost-cutting directive: 82% of CISOs say they’re under pressure to reduce staff using AI. The result is a widening gap between responsibility and control.

Emanuel Salmona, co-founder and CEO of Nagomi Security, said: “CISOs are managing nonstop risk with limited support and even less time. They’re expected to be strategic leaders and first responders all at once. The best way to support them is to share accountability across the business, make outcomes clearer, and give them the space to focus on what actually reduces risk.”

Finally, Nagomi is launching a new docuseries entitled Holding the Line, which features in-depth conversations with security leaders about the personal and professional toll of the role. The series dives into how the job is evolving, where pressure is coming from, and what needs to change.

The post Nearly Three-Quarters of US CISOs Faced Significant Cyber Incident in the Past Six Months, Research Finds appeared first on IT Security Guru.

Why API Security Is Central to AI Governance

APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn compliance from a productivity limiter to a business accelerator with measurable efficiency and risk-reduction outcomes. In short, how much time is saved if compliance controls are built into your development or release process, if you have instant access to audit trails and data-flow maps? Salt’s core belief sums it up: you can’t secure AI without securing APIs.

Across hundreds of enterprises, Salt Security’s H2 2025 State of API Security Report shows the same pattern: organizations are racing to ship AI features, but governance and runtime security of the API layer haven’t kept pace. Half (50%) slowed a release due to API risk, one-third (33%) suffered an API incident, 80% lack continuous monitoring, and only 19% are “very confident” in their API inventory. These aren’t theoretical gaps. In the context of AI, this “risk exposure” includes specific threats like data poisoning, model theft, and unauthorized system use that can fundamentally alter an AI system’s behavior. These are real business outcomes in lost time, rework, and increased risk exposure.

Compliance Might Be an API Problem

Meeting these new AI regulations is fundamentally an API security challenge. For instance, the EU AI Act mandates “Accuracy, robustness, and cybersecurity” for high-risk systems (Article 15). This is impossible without securing the API, which your whitepaper identifies as the “primary attack surface”. Similarly, ensuring “Data and Data Governance” (Article 10) relies on securing API conduits to prevent data poisoning and ensure integrity. API security provides the very “logging and traceability” (Articles 12 & 20) needed for human oversight and the complete API discovery required to manage the entire AI lifecycle, as mandated by ISO 42001.

A recent Gartner® report stated, “Model Context Protocol (MCP) and Agent2Agent (A2A) do not replace existing APIs. They rely on APIs for data, context, tools and resources for consumption by autonomous agents and AI applications.”

The expanded attack surface

The volume and sophistication of API-related attacks continue to climb. In fact, Salt Labs reports that nearly every organization (99%) experienced API security issues in the past year. The targeting is based in part on the potential to access and expose personally identifiable information. Of notable concern, a recent report from Salt Labs shows that 96% of attacks come from authenticated sources with 98% of those targeting external-facing APIs.  This shift challenges the historical outside-in perimeter mindset.

Salt Labs also found that the majority of API misuse attempts stemmed from either API1 (Broken Object Level Authorization) or API8 (Security Misconfiguration) vulnerabilities.  For those organizations expanding their AI capabilities, this expanded attack surface carries compliance implications.  Each vulnerability becomes a potential failure in governance.  

As Salt’s research highlights, without strong governance and visibility into APIs that handle sensitive data, organizations struggle to enforce security policies consistently. This often leads to misconfigurations, excessive permissions, and weak access controls, conditions that increase breach risk and jeopardize regulatory readiness.

Compliance today

Frameworks like ISO/IEC 42001 and the EU AI Act highlight that accountability and governance need to be considered from the beginning and not treated as an afterthought.  Organizations that adopt compliance by design now will be the ones ready when enforcement begins.  The benefit extends beyond regulatory alignment; it’s about strengthening operational resilience.

The Gartner® report also stated, “Double down on API security by adding specialist security solutions to supplement standard gateway protections. Rate-limiting and access management, in particular, are vital for APIs AI applications will consume when addressing the risk of data and services being abused by agentic use.”

Salt’s platform was built for exactly this challenge: to give organizations AI-aware visibility, policy-driven governance, and real-time protection across the APIs that power AI systems. Because in the age of intelligent agents, one truth remains: you can’t secure AI without securing APIs.

References:

Gartner, How MCP and the A2A Protocols Impact API Management, Shameen Pillai, Mark O’Neill, Aaron Lord, 25 August 2025
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

The post Why API Security Is Central to AI Governance appeared first on IT Security Guru.

Securonix: Adding Threat Intelligence to the Mix

The concept of having a single suite of interconnected products, which come without the headache of installations and with optimal performance from each facet, is sometimes the best option. The other consideration is to go for a ‘best of breed’ selection of products, which may not work together and leave you with vulnerable spots even whilst using the best technology.

This is an issue that cybersecurity vendors are well aware of, and they add new factors to their offerings. I recently met with Securonix whose recent acquisition of ThreatQuotient added a threat intelligence capability to its existing portfolio of security analytics, threat detection, and incident response through its cloud-native Unified Defence SIEM.

Specific and Actionable

A provider of advanced cybersecurity solutions, Securonix said the acquisition strengthens its ability to provide more specific, actionable, and automated insights by integrating threat intelligence directly into its SIEM and UEBA foundation. This comes at a time when customers are looking for fewer vendors and more consolidation, making the unified platform approach attractive.

Its VP Europe, Tim Bury, said this addition strengthens its unified platform by combining UEBA (User and Entity Behaviour Analytics), SIEM, real-time threat intelligence, and AI agents to create more actionable, efficient, and board-relevant security outcomes while reducing complexity, cost, and noise for customers.

He says that customers are looking to try to consolidate the number of providers they have, “but it’s really about extracting that value, and what we were finding is we were always ingesting different feeds, threat feeds, but there wasn’t that platform to make it effective.”

Great Integrations

Bury later admits that having the wider suite is advantageous because it offers a more holistic view. If you don’t take a holistic view of the different components that the customer has, then you’ll be missing things.

“We’re trying to ensure that everything is included,” he says. “In addition to the external sources and threat intelligence content, our customers were using other sources for that, but they couldn’t necessarily do things intelligently that were fully integrated into a single Unified Defence SIEM. It’s about bringing it together.”

That value lies in the integration, Bury claims, while his colleague Cyrille Badeau, VP of International Sales at Securonix, says that leveraging threat intelligence adds more expertise, making the SIEM more effective for customers. “That could change how people operate – and potentially resolve many issues,” Badeau says.

Threat Intelligence

The acquisition of ThreatQuotient adds threat intelligence to its offering, as Bury says that the integrations work together to “get a single pane of glass,” which he admits is very difficult to achieve and get value from, but fits within its remit of trying to make its offering super simple.

Bury says its own research determined that customers are using a variety of sources for threat content, so it was advantageous to bring in a platform that can extract the value out of that threat content, which is more specific to customer needs, and increase both automation and integration into the Securonix platform “to make it more meaningful and actionable.”

Badeau says that adding real-time threat intelligence was the realistic next level for the UEBA, as that intelligence can be used as context for any decision. He also says that the intelligence can “build a memory to learn over time,” so if something new is seen, it may not be the same as what was seen the previous time, but actions can be taken.

“What are the good things to hunt for? Those are the priorities you need to worry about,” he says. “Maybe you have an adversary after you, and that adversary is known to have three different techniques you have detected: the first two are used often, and the third is never detected, so either they never tried on you, or maybe we should automate the threat hunting capability based on the third capability?”

Board and Breach Ready

Securonix’s ethos is based on three elements: being board-ready, breach-ready, and AI-powered. Bury explains that being breach-ready means that an organisation is ready to defend itself. Being board-ready recognises that cybersecurity is a board-level challenge, and there is a need to understand the outcomes that they’re looking for. Finally, everything needs to be AI-powered.

“Another objective that our solution helps you do is identify where you’re at risk, so that you can prevent a breach from happening,” Bury says. “It’s looking at intent and catching things before they happen. If you are attacked, it is about how you identify that and take remediation action in a very short period of time.”

Some ten years after the last flourish of stand-alone threat intelligence providers emerged, and were ultimately acquired, the combination of SIEM, TDIR, UEBA and SOAR offered by Securonix is now augmented by the addition of real-time threat intelligence, and the prospect of being ahead of the attack and breach-ready sounds promising.

The post Securonix: Adding Threat Intelligence to the Mix appeared first on IT Security Guru.

Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook

When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another race against ransomware operators. But this latest maximum-severity flaw reveals something more troubling than a single vendor’s coding error. It exposes the fundamental fragility of how organisations handle their most sensitive data transfers.

The numbers tell a sobering story. According to recent industry research, Managed File Transfer (MFT) platforms carry a sky-high risk score (4.72), outpacing nearly every other data transfer technology. This is not a coincidence. It is the predictable result of architectural decisions made when “perimeter security” still meant something and when exposed admin consoles were considered acceptable trade-offs for operational convenience. Today, with approximately 450 GoAnywhere instances still exposed to the internet and ransomware groups actively hunting for the next Clop-style payday, these architectural debts are coming due with compound interest.

Anatomy of a Maximum-Severity Flaw

CVE-2025-10035 achieves its perfect CVSS 10.0 score through a devastating combination of factors. The vulnerability lurks in GoAnywhere’s License Servlet, where improper deserialisation allows attackers to inject malicious objects through specially crafted license files. No authentication required. No user interaction needed. Just an exposed admin console and basic technical knowledge – a combination that transforms a coding oversight into a potential enterprise-wide catastrophe.

What makes this particularly alarming is the attack’s elegant simplicity. Unlike complex exploit chains that require deep technical expertise, this vulnerability presents a low barrier to entry. Script kiddies and sophisticated APT groups alike can weaponise this flaw, democratising what should be an exclusive capability. The exposed admin console becomes a welcome mat for attackers, offering direct access to the very systems that broker an organisation’s most confidential data exchanges.

The security community watches nervously for signs of active exploitation. While none has been confirmed publicly, the pattern is all too familiar. CVE-2023-0669, GoAnywhere’s previous critical flaw, went from disclosure to mass exploitation by Clop ransomware in mere weeks, ultimately compromising hundreds of organisations and exposing millions of records. The question isn’t whether CVE-2025-10035 will be weaponised, but which threat actor will move first.

Trillion-Dollar Pattern

This is an industry-wide crisis hiding in plain sight. Legacy MFT systems have suffered similar critical vulnerabilities in recent years. Each follows an eerily similar pattern: authentication bypass or code execution flaws that grant attackers keys to the kingdom. The reason is structural, not coincidental.

MFT systems exist at the intersection of maximum value and maximum exposure. They handle everything from financial transactions to healthcare records, intellectual property to government secrets. Yet they must also connect disparate networks, bridge security domains, and accommodate external partners with varying security postures. This inherent tension creates attack surfaces that grow exponentially with each integration point.

The financial impact data is staggering. Organisations operating in what researchers call the “danger zone” − managing 1,001 to 5,000 third-party connections − face average breach costs between $3-$5 million per incident. But here is the critical insight: these costs balloon based on detection time. Companies taking 31-90 days to discover MFT compromises see litigation costs alone exceed $5 million in 27% of cases. When you are dealing with customer data, partner information, and regulatory compliance, every hour of attacker dwell time multiplies the damage exponentially.

Beyond the Patch Treadmill

The uncomfortable truth for security leaders is that if your strategy relies primarily on patching vulnerabilities quickly, you have already lost. The data proves this definitively. Organisations experiencing seven to nine breaches annually see 84% facing costs over $1 million, despite presumably having patch management programs. The problem isn’t the patches, it is the architecture that turns every vulnerability into an existential threat.

Consider what amplifies a manageable coding flaw into a catastrophic breach. Start with exposed management interfaces, the very attack vector CVE-2025-10035 exploits. Add monolithic architectures where compromising one component grants access to everything. Mix in poor network segmentation that allows lateral movement from DMZ to crown jewels. Season with minimal logging that extends attacker dwell time from days to months. This toxic combination transforms routine vulnerabilities into front-page news.

Modern architectural patterns offer a different path. Think of security as layers of Swiss cheese. Any single layer has holes but stacking them creates defence in depth. Sandboxing isolates risky components, preventing deserialisation flaws from achieving system compromise. Zero-trust networking assumes breach and limits blast radius. Embedded security controls create speed bumps that slow attackers and generate alerts. Most critically, these patterns acknowledge that perfect code is impossible; resilience comes from limiting impact, not preventing flaws.

Governance Multiplier Effect

The most striking finding from recent industry analysis is the power of mature governance to reduce risk. Organisations with comprehensive governance frameworks (currently just 17% of enterprises) demonstrate 21% lower risk scores across all security metrics. This is not bureaucracy; it is the systematic application of architectural thinking to security challenges.

Governance in this context means more than policies and procedures. It is about maintaining visibility into what you’re protecting and how. Nearly half of organisations that cannot quantify their breach frequency also can’t estimate their litigation exposure. This blindness creates a vicious cycle: without metrics, a business cannot improve; without improvement, breaches multiply; multiplied breaches destroy metrics through chaos and turnover.

For MFT systems specifically, governance means treating file transfer as the critical infrastructure it truly is. This includes architectural review boards that evaluate new integrations for security impact, continuous monitoring that alerts on unusual transfer patterns or administrative actions, clear ownership and accountability for each external connection point, and regular tabletop exercises that assume MFT compromise and test response capabilities.

Practitioner’s Guide to MFT Resilience

For organisations looking to break the vulnerability-patch-breach cycle, several concrete steps can dramatically improve security posture without massive technology investments. Start with the basics and eliminate internet-facing admin consoles. This single change would have prevented most historical MFT breaches. Use jump servers, VPNs, or modern zero-trust proxies, but never expose management interfaces directly.

Implement genuine least-privilege access. Most MFT deployments run with excessive permissions because it is easier than properly scoping access. This convenience becomes catastrophic when attackers gain a foothold. Every external connection should have minimal necessary permissions, enforced at multiple layers.

Consolidate where possible. Many organisations run multiple MFT solutions for historical reasons, each adding attack surface and complexity. The overhead of managing five different file transfer systems − each with its own vulnerabilities, patch cycles, and integration points − often exceeds the cost of standardizing on a single, well-architected platform.

Most importantly, instrument for detection. The difference between a million-pound incident and a ten-million-pound breach often comes down to detection speed. MFT systems should generate rich audit logs, feed SIEM platforms in real-time, alert on anomalous transfer patterns or volumes, and integrate with broader security orchestration. If a business cannot detect compromise within hours, its architecture has failed regardless of patch velocity.

Clear Path Forward

CVE-2025-10035 represents both a clear and present danger and a learning opportunity. The immediate imperative remains patching vulnerable systems before threat actors weaponise this flaw. But the larger lesson transcends any single vulnerability: organisations must evolve from reactive patching to proactive architectural resilience.

This evolution requires acknowledging uncomfortable truths. A legacy MFT system will have critical vulnerabilities discovered. Threat actors will attempt exploitation. Some attempts may succeed despite best efforts. The question is whether these inevitable events become manageable incidents or existential crises. Look for an MFT solution with the architecture, governance, and detection capabilities.

As we enter an era where AI-powered vulnerability discovery accelerates the pace of disclosure, the old playbook of patch-and-pray becomes increasingly untenable. Security leaders must instead focus on building systems that bend but do not break, that contain breaches rather than amplifying them, and that provide visibility into compromise rather than hiding it. Only through this fundamental shift in thinking can we transform MFT from our greatest vulnerability into a manageable risk.

The post Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook appeared first on IT Security Guru.

How Important are Accessible Website Designs in 2025?

In 2025, the importance of a top-quality and well-functioning website cannot be overstated. Forgetting this is a costly mistake, but an even greater one is failing to ensure that a website is fully functional for everyone. That’s where website accessibility comes in, which is the practice of designing digital experiences to be usable by people with disabilities. Over the years, it has shifted from a niche, ‘nice-to-have’ feature to a core imperative. The question is no longer if you should prioritise accessibility, but how well you implement it as a key component of your digital strategy.

While many associate accessibility with making a website “easy to navigate,” its scope is far broader and more crucial. True accessibility ensures that all users, regardless of ability, can perceive, understand, and interact with your content effectively.

To help us learn more about the importance of accessibility, we have the expertise of Surrey web design agency, Full Stack Industries.

Beyond Usability: The Real Meaning of Web Accessibility

Effective navigation is an essential part of accessibility, but the discipline itself encompasses inclusive design for a broad spectrum of human experiences. It means creating a digital environment that doesn’t present barriers to anyone. This includes:

  • For visually impaired users: Ensuring your site is compatible with screen readers by using proper heading structures and providing alternative text (alt text) for all meaningful images.
  • For users with motor disabilities: Enabling full navigation and functionality using only a keyboard, as they may not be able to operate a mouse.
  • For deaf or hard-of-hearing users: Providing captions and transcripts for all video and audio content.
  • For users with cognitive disabilities: Using clear layouts, simple language, and predictable, consistent navigation to reduce cognitive load.

Full Stack Industries commented, “For many businesses, accessibility is a ‘nice to have’ project they’ll get to during a quiet period. However, it offers a key benefit: not only does it ensure that everyone can use your site, but it also makes it easier for Google to read. This is a big win for SEO. It’s a win-win project that all businesses should take advantage of.”

The Critical Overlap Between Accessibility and Security

For an IT security professional, one of the most compelling arguments for accessibility is its direct and positive impact on an organisation’s cybersecurity. The principles that underpin an accessible website are often the same ones that create a secure and robust one.

  • Clean Code is Secure Code: Accessible websites are best built on a foundation of clean, semantic HTML. This logical structure is not only easier for assistive technologies to interpret but also more straightforward for security teams to audit and maintain. Bloated, complex code can obscure vulnerabilities, whereas the streamlined nature of accessible design promotes transparency and resilience.
  • Inclusive Authentication Reduces Risky Workarounds: Security measures like CAPTCHA can be near-impossible for screen reader users to pass. When primary security protocols are inaccessible, users are often forced to find less secure workarounds or abandon the task altogether. By implementing accessible multi-factor authentication (MFA) methods and user-friendly verification processes, you ensure that security measures protect everyone without becoming a barrier.

Ultimately, designing for accessibility is creating for everyone. In 2025, it is an integral part of a holistic digital strategy that enhances user experience, expands market reach, strengthens digital presence, and empowers your security defences. It is no longer an optional extra but the foundation of a modern, practical, and secure web presence.

The post How Important are Accessible Website Designs in 2025? appeared first on IT Security Guru.

Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats

New research by ISACA has found that over a third (39%) of European IT and cybersecurity professionals report that their organisation is experiencing more cybersecurity attacks than this time last year.

Yet despite this rising wave of attacks, confidence in organisational readiness remains low, with only 38% of professionals stating they are completely confident in their organisation’s ability to detect and respond effectively.

As attacks continue to increase in scale and scope, the pressure on professionals is also growing, with nearly two-thirds (65%) identifying the increasingly complex threat landscape as a major stress factor.

While budgets and staffing show some progress, the report found that the pace is not fast enough to ease pressure on professionals. Over half (58%) of those surveyed report that their organisation remains understaffed, only a modest improvement of three percentage points compared to last year. Budgets tell a similar story of slow progress – while over half (54%) of professionals say their organisation is underfunded, this has improved slightly from 58% in 2024.

While incremental gains suggest that organisations are beginning to prioritise cybersecurity, progress still lags behind the demands of the threat landscape, and professionals on the front line are feeling this pressure. 

More than two-thirds (68%) say their job is more stressful now than it was five years ago, a figure which remains unchanged from last year. Within workplaces, organisations are failing to give professionals the support they need to manage stress. Over half (54%) report unrealistic expectations or excessive workloads, 48% highlight poor work-life balance, and more than a third (36%) say their teams lack the right skills or training.

Alarmingly, more than one in five organisations (22%) have still taken no action to address or prevent employee burnout, leaving professionals to manage growing responsibilities with limited support.

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “Over the past year, the public has seen first-hand just how impactful cyberattacks can be, with high-profile breaches devastating businesses and dominating headlines. At the same time, the overall volume of attacks is rising, with almost two in five organisations experiencing more incidents than a year ago.

“While organisations are starting to acknowledge the problem and take steps to address long-standing issues in budgets and staffing, the pace of change is still far too slow. The reality is that cyber criminals are moving faster than most organisations can respond. Now is the time to invest in a more holistically trained cybersecurity workforce, an investment towards customer trust and in gaining competitive advantages, not just a reactive move following an incident.”

More than half of organisations (52%) are struggling to retain qualified cybersecurity professionals, according to those professionals familiar with hiring within their organisations. Entry-level roles are particularly difficult to fill; nearly one in five organisations (19%) have open positions that do not require experience, a degree or credentials, yet almost half (45%) say it still takes three to six months to hire at this level.

Part of the challenge lies in narrow hiring expectations. While just over half of respondents (55%) view a university degree as important for candidates, far more place value on professional credentials (84%) or hands-on training (73%). Expanding recruitment pathways and offering training opportunities for those without conventional backgrounds could help organisations grow their pipeline of talent.

Dimitriadis added: “To build resilience and keep pace with the evolving threat landscape, we must widen the pathways into cybersecurity. By valuing hands-on training, professional credentials and transferable skills, organisations can strengthen their teams and ease the pressure on overstretched professionals. But recruitment is only the start; continuous training and upskilling are critical. That is how we move from slow, incremental change to real progress, reducing stress and building long-term protection.”

Even as staffing and skills shortages persist, cybersecurity teams are increasingly at the forefront of AI governance and implementation. More than half of European professionals (51%) say they have helped develop their organisation’s AI governance framework – up sharply from 36% last year – while 46% are now directly involved in AI implementation (up from 27%). 

Beyond governance, AI is already embedded in day-to-day operations, with top uses including threat detection (29%), endpoint security (28%) and routine task automation (27%). These findings point to the accelerating pace of AI adoption and the urgent need for stronger AI security legislation and continuous upskilling, particularly as Europe advances the EU AI Act and NIS2, and the UK prepares forthcoming AI legislation.

The post Research Finds Budgets, Staffing and Skills Fail to Keep Pace with Rising Cyber Threats appeared first on IT Security Guru.

Keeper Security Integration with Google SecOps Expands Visibility into Privileged Access

Keeper Security has announced a new integration with Google Security Operations (Google SecOps). The integration streams privileged access activity from Keeper into the Google SecOps platform, which unifies Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) and threat intelligence, to give security teams real-time visibility and faster incident response.

As attackers increasingly leverage AI-driven techniques and sophisticated cyber campaigns, organisations must improve both visibility and speed of response. By combining Keeper’s Advanced Reporting and Alerts Module (ARAM) with Google SecOps, security teams gain real-time, centralised insights into privileged access activity across their environments. Events are continuously streamed directly into Google SecOps, helping to eliminate visibility gaps and reduce the burden of manual oversight. The result is faster, more precise detection and response to potential breaches.

Craig Lurey, CTO and Co-founder of Keeper Security, said: “Privileged access should never be a blind spot. By integrating our capabilities into Google SecOps, we’re giving enterprises unprecedented visibility and control over their most sensitive accounts, enabling faster detection and stronger defense against threats.”

Real-time monitoring is facilitated by continuous event streaming from Keeper into Google SecOps, enabling immediate detection of suspicious or unauthorised behaviour, while operational efficiency is enhanced through automated reporting and alerting that reduce manual log reviews. Furthermore, comprehensive event logging and access control documentation aid regulatory compliance for standards such as GDPR, PCI DSS, SOC and ISO. Additionally, the ingestion of BreachWatch® event data offers proactive protection by identifying exposed credentials and helping to prevent account takeover attempts.

KeeperPAM® is a unified, cloud-native platform designed to secure sensitive credentials and access points, including passwords, passkeys, secrets, and privileged sessions, across both hybrid and multi-cloud environments. The system incorporates agentic AI through its KeeperAI feature, enabling real-time threat detection and response. This AI functionality can automatically terminate high-risk sessions while continuously analysing and categorising all user activity. By enforcing least-privilege access policies and providing actionable intelligence from every privileged account, KeeperPAM aims to lower the risk of security breaches and enhance overall enterprise cyber resilience.

The post Keeper Security Integration with Google SecOps Expands Visibility into Privileged Access appeared first on IT Security Guru.

Salt Security Announces Industry First Solution to Secure API Actions Taken by AI Agents

At CrowdStrike Fal.Con 2025, Salt Security announced the industry’s first solution to secure the actions AI agents take in the enterprise. As large organisations adopt agentic AI, agents are increasingly making real-time API calls through protocols like MCP and A2A, creating a new layer of risk. Salt is the first to converge API and AI security, giving organisations visibility into every agent-driven action, governance to enforce the right posture, and real-time protection against AI agent abuse. 

This release gives security teams immediate visibility, automatic governance and real-time protection for agentic AI, without extra setup. MCP Protect maps MCP server interactions and surfaces hidden endpoints, while built-in guardrails, enabled by default, enforce safe agent behaviour automatically.

Michael Nicosia, co-founder and COO of Salt Security, said: “Most organisations’ first AI security gap isn’t prompt and model jailbreak attacks, it’s the invisible API connections powering agents. Salt closes that gap by continuously discovering every API, governing it against policy, and protecting it in real time, including the fast-growing universe of agent-driven traffic.”

Salt Security’s new MCP Protect feature is designed to give organisations a clear view of their AI-powered systems. It automatically discovers and keeps an eye on all Model Context Protocol (MCP) servers and their interactions with AI agents, revealing connections that were previously hidden. The system then assesses the risk of these interactions, tracks sensitive data as it moves, and safeguards against any unsafe or malicious use of MCP servers.

This update introduces a new category of ready-to-use security controls. These controls ensure that AI agents behave safely by automatically detecting and addressing the most significant security vulnerabilities in both MCP and Agent-to-Agent (A2A) environments.

“From a security standpoint, it’s not just about what AI agents say, it’s what they actually do,” said Nick Rago, VP Product Strategy of Salt Security. “AI agents act through APIs, MCP, and A2A, but most organisations don’t have visibility into those actions. Salt gives you that visibility from day one, puts the right guardrails in place and protects against abuse and AI logic attacks in real time so your teams can move fast with confidence.”

The post Salt Security Announces Industry First Solution to Secure API Actions Taken by AI Agents appeared first on IT Security Guru.

Nagomi Control Brings CTEM Into Action

Nagomi Security has announced the next step in its platform evolution with Nagomi Control, a new release that redefines Continuous Threat Exposure Management (CTEM) by enabling security teams to shift from identifying exposures to fixing them. Nagomi Control provides an execution layer for CTEM. While many cybersecurity programs use CTEM to identify risks, they often lack the ability to act on them. This solution allows teams to automatically address exposures, reduce risk at scale, and integrate with their existing technology stack.

Nagomi Control debuts alongside Exposure Lens, the company’s new AI-driven intelligence engine that powers the release. Exposure Lens brings together data from assets, controls, vulnerabilities, and live threat activity to reveal where organizations are most exposed. It expands the definition of exposure beyond Common Vulnerabilities and Exposures (CVEs) to include weak configurations, missing safeguards, and unchecked access – the everyday risks attackers rely on but most tools miss. By placing these exposures in business context and ranking them by impact, Control gives security teams a clear path from awareness to resolution.

Emanuel Salmona, co-founder and CEO of Nagomi, said: “Knowing where your exposures are is not enough, especially when the most dangerous ones aren’t tied to a CVE. For years, security teams have been flooded with vulnerability data, while critical misconfigurations, missing controls, and excessive access quietly opened the door for attackers. Nagomi Control turns that flood into focus. It makes every exposure, not just the ones with a name, actionable, trackable, and measurable, so teams can stop real threats and leaders can show progress that actually means something.”

Nagomi Control integrates accountability into the remediation process. It assigns each issue to the appropriate team and tracks it within existing workflows. This approach aims to clarify responsibility and ensure all steps are completed. Progress can be measured by business unit, campaign, or threat type, providing security leaders with data to demonstrate a reduction in exposure to executives and board members. Gartner reports that 61% of security leaders experienced a breach in the past year due to failed or misconfigured controls.

Shai Mendel, co-founder and CPO of Nagomi, said: “The majority of breaches share a common thread: the exposure was already known and could have been mitigated. The challenge isn’t visibility, it’s execution. Control was designed to close that gap. By delivering the execution layer of CTEM, we’re helping security teams to proactively resolve exposures faster, show measurable risk reduction, and strengthen security without adding more tools or headcount.”

Nagomi Control includes features that distinguish it from traditional vulnerability management and visibility-only platforms. Its Findings feature surfaces security issues by combining exposures such as misconfigurations, vulnerabilities, and coverage gaps with critical asset attributes like whether a device is internet-facing, a domain controller, or a server. This approach provides teams with a prioritized, contextual view of risk that standalone scanners or asset inventories cannot provide.

Additionally, the Latest Changes Feed offers a dynamic timeline of environmental changes, including new CVEs, threat campaigns, posture shifts, and tool degradations. Each change is presented with full context and one-click actions.

The post Nagomi Control Brings CTEM Into Action appeared first on IT Security Guru.

Check Point Acquires AI Security Company Lakera

Yesterday, Check Point announced that it had entered into an agreement to acquire Lakera, an AI-native security platform for Agentic AI applications. It has been revealed that the acquisition has cost $300m. By joining forces with Lakera, Check Point sets a new standard in cybersecurity, becoming able to deliver a full end-to-end AI security stack designed to protect enterprises as they accelerate their AI journey.

In an effort to accelerate innovation, businesses are increasingly integrating large language models, generative AI, and autonomous agents into their core operations. However, this also widens their security vulnerabilities. The risks range from data leaks and model manipulation to new threats introduced by multi-agent collaboration and autonomous decision-making. Customers, too, are sceptical of the security of agentic AI. New research by Salt Security found that 62% of consumers believe chatbots are more vulnerable to manipulation by hackers than their human counterparts. Clearly, organisations have a long way to go to secure AI and win over consumer trust. A real-time, AI-native security approach is no longer optional – it’s essential for business survival.

Nadav Zafrir, CEO at Check Point Software Technologies, said: “AI is transforming every business process, but it also introduces new attack surfaces. We chose Lakera because it brings AI-native security, superior precision, and speed at scale. Together we are setting the benchmark for how enterprises adopt and trust AI.”

Check Point already secures AI transformation through GenAI Protect, SaaS and API security, advanced data loss prevention, and machine learning-powered defenses for applications, cloud, and endpoints. With Lakera, Check Point extends these capabilities to deliver one of the industry’s first end-to-end AI security stacks. By combining Lakera’s runtime protection with the AI-powered Check Point Infinity architecture, enterprises can secure the full lifecycle of AI – models, agents and data – enabling them to innovate with confidence, at scale, and without compromise.

“Lakera was purpose-built for the AI era, with real-time runtime security and research at its core,” said David Haber, Co-Founder and CEO at Lakera. “Joining Check Point allows us to accelerate and scale our mission globally. Together we will protect LLMs, generative AI, and agents with the speed, accuracy, and guardrails enterprises need to embrace AI with confidence.”

Founded by AI experts from Google and Meta, Lakera was engineered specifically for AI-native environments. The company operates major AI R&D centres in Zurich and San Francisco. Its flagship solutions, Lakera Red and Lakera Guard, provide pre-deployment posture assessments and real-time runtime enforcement to protect LLMs, AI agents, and multimodal workflows. Lakera’s platform combines advanced runtime protection with continuous red teaming, reinforced by Gandalf, a world-leading adversarial AI network. This unique approach ensures evolving defences that stay ahead of emerging AI threats, giving enterprises confidence to deploy AI securely and at scale. Lakera is trusted by Fortune 500 enterprises worldwide and powered by a team of 11 PhDs, ensuring both technical rigor and enterprise-grade resilience.

The platform has a strong track record of performance at scale, with a detection rate of over 98% and low latency. This allows it to protect AI applications without affecting their speed or accuracy. Using a database of over 80 million adversarial patterns, the platform continuously adapts to new AI threats. It also supports more than 100 languages, providing global coverage.

Upon closing, Lakera will form the foundation of Check Point’s Global Center of Excellence for AI Security, accelerating AI security research, innovation, and integration across the Check Point Infinity Platform.

The transaction is expected to close in Q4 2025, subject to customary closing conditions.

The post Check Point Acquires AI Security Company Lakera appeared first on IT Security Guru.

The Future of Human Risk Management: The Zensory and Brigantia Partnership A Year On

Cybersecurity distributor Brigantia and The Zensory, the popular wellbeing and productivity platform dedicated to transforming work habits, have been working together for a whole year now. The partnership set out with a hefty aim: to tackle one of the biggest threats in cybersecurity – human error. No small feat. Reporting on the success of the past year, Brigantia revealed that 94% of its users reported improved calmness and 82% reported better focus when using The Zensory.

By empowering users to stay calm and focused under pressure, the partnership fosters a stronger, more security-conscious mindset among MSPs and their customers. This not only helps MSPs drive staff retention and stand out in a crowded market – but also enables their customers to build safer, more resilient teams from the inside out.

Building on its established partnership with KnowBe4, the security awareness training platform, Brigantia integrated The Zensory to enhance end-user focus and resilience and to reduce human risk.

Stress, fatigue, and distraction increase cybersecurity risks, with 47% falling for phishing when overwhelmed. The Zensory tackles these human factors directly using science-backed tools like breathing exercises and binaural beats. It helps reduce stress, sharpen focus, and lower human error, protecting both employees and their organisations from cyber threats.

CEO & Founder of The Zensory, Jasmine Eskenzi said: “Partnering with Brigantia has been a true game-changer. Together, we’ve brought something genuinely innovative to the channel, helping teams tackle burnout, distraction, and stress before they impact performance. Brigantia’s network and expertise have enabled us to deliver powerful, scientifically-backed interventions to the people who need them most. The results so far speak for themselves, with significant improvements in focus, wellbeing, and resilience across the modern workplace, and this is just the beginning.

“Stress is one of the biggest root causes of human error, directly affecting performance and cybersecurity posture. That’s why we’re tackling human risk at its source, supporting people to perform at their best while building a more focused, secure workforce. The Zensory has been purpose built alongside a board of leading professionals, including esteemed PhD doctors, professors and technologists. We’re incredibly excited to expand our impact even further for the frontline of modern work: from cybersecurity teams to overachievers and brilliant neurodivergent minds. The next chapter together will be even bigger.”

Available as a standard feature for Brigantia’s KnowBe4 Managed Service users, The Zensory has been proven to:

  • Reduce phishing and human error incidents by up to 70%
  • Improve employee well-being and reduce burnout
  • Offer greater client retention and differentiation for MSPs
  • Address 22 of the 33 susceptibility factors to social engineering
  • Improve employee wellbeing in 98% of individuals
  • Improve focus and attention in 97% of individuals 

Brigantia’s Product Team Director, Robert Hall, said: “The integration of The Zensory into our KnowBe4 offering is more than a feature – it’s a mindset shift. By encouraging calm, focused teams, we’re helping organisations build stronger human firewalls and reduce risk where it matters most. The results we’ve seen are incredible. It’s also a key differentiator for our clients, offering something truly cutting edge and innovative, which in turn helps our partners secure deals and makes security tools even more impactful for end users.”

The post The Future of Human Risk Management: The Zensory and Brigantia Partnership A Year On appeared first on IT Security Guru.
