The Cybersecurity and Infrastructure Agency (CISA), in collaboration with the National Security Agency (NSA), has published a guidance document urging software vendors, developers, and federal agencies to accelerate their adoption of Memory Safe Languages (MSLs). Titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development,” the guidance highlights how memory-related flaws, including buffer overflows and use-after-free errors, remain one of the most critical and persistent sources of software insecurity. Drawing on real-world cases like Heartbleed and BadAlloc, vulnerabilities that exposed data across 800,000 websites and jeopardized 195 million devices, respectively, the report warns that poor memory safety poses an unacceptable…
Josh Breaker Rolfe
Cybercriminals are no longer just guessing passwords; they’re mimicking CEOs, cracking login credentials with machine learning, and flooding inboxes with synthetic spear-phishing emails. A new report from Frontegg reveals that artificial intelligence is not just shaping the cybersecurity landscape, it’s inventing entirely new forms of attack, and IT teams are struggling to keep pace. New Threats, New Pressures AI-driven cyberattacks are evolving faster than most teams can react. According to Frontegg’s May 2025 survey of over 1000 IT professionals, 61% have faced threats that didn’t even exist two years ago. In the last year alone, 35% reported an overall rise…
Cybersecurity researchers at Check Point Software have identified what may be the first ever attempt by malware to manipulate AI-based security systems using prompt injection. While the tactic ultimately failed, the incident could be a sign of what’s to come: attackers targeting the artificial intelligence tools defenders now rely on. The malware, uploaded anonymously from the Netherlands, first appeared on VirusTotal in June 2025. While many features were relatively standard, including TOR components and sandbox evasion, researchers discovered that the code included a message that looked like a direct instruction to an AI model. AI Becomes the Target The embedded…
“Ransomware is an existential threat for many victims today, and one that’s constantly evolving,” warned William Lyne, Head of Cyber Intelligence at the UK’s National Crime Agency (NCA), during his recent conversation with Deryck Mitchelson, CISO of Check Point Software. Speaking at Check Point Software’s recent Cyber Leader Summit London, Lyne offered a frank assessment of the ransomware landscape: more fragmented, increasingly agile, and more determined than ever. Fragmentation in the Underworld “The ecosystem is evolving,” Lyne explained. “We’re seeing less trust between threat actors, and less reliance on big ransomware-as-a-service platforms or centralized marketplaces.” Where once large, vertically integrated…
In this leadership spotlight, Charlotte Wilson, Head of Enterprise and Strategic Sales at Check Point Software, talks to Information Security Buzz about the importance of diversity and inclusivity in the AI era. AI is an inescapable facet of modern cybersecurity. But unless we actively address bias and representation, it could entrench inequalities in the very systems meant to protect us. Charlotte is clear-eyed about the technology’s power and pitfalls. “AI gives us phenomenal power,” she says. “But we have to be mindful of how we’re using it and who is influencing it.” The Hidden Bias in AI Systems Charlotte recognizes…
A US real estate investment and management company accidentally exposed more than 170,000 sensitive records online, according to a new report by cybersecurity researcher Jeremiah Fowler. Fowler discovered the unencrypted, password-free database, containing 116.24GB of information, and reported it to WebsitePlanet. What Data Was Exposed? When Fowler reviewed a sample of the data, he found personally identifiable information (PII) from motel and hotel employees, including; Beyond this, the database also exposed: Fowler described the discovery as one of the most concerning exposures he has seen in recent years because of the broad range of sensitive material involved. Who Owns the…
Two newly disclosed Linux vulnerabilities could let attackers chain their way to full root access, even from an ordinary SSH session, on default installs of multiple major distros, Qualys security researchers have warned. Earlier this week, the Qualys Threat Research Unit (TRU) published details and proof-of-concept (PoC) code for CVE-2025-6018 and CVE-2025-6019, two local privilege escalation (LPE) flaws that can be exploited in tandem to achieve root access in seconds. Researchers successfully tested the exploit on SUSE, Debian, Ubuntu, and Fedora systems. How the Exploit Works CVE-2025-6018 is in PAM, the login management software on SUSE Linux. Because of a…
2025 marked Infosecurity Europe’s 30th anniversary, and it didn’t disappoint. It brought together cyber’s greatest minds, shed light on some of the industry’s most exciting topics – including post-quantum cryptography, AI threats, and geopolitics – and, as always, gave the industry an all too rare opportunity to connect in person. However, for us, the startups really stole the show this year. Here are some of our favorites. Wallarm Wallarm is at the forefront of Agentic AI protection. As APIs and AI agents have become both the engine and attack vector of modern apps, Wallarm offers a unified platform that doesn’t…
The hospitality sector’s embrace of digital transformation has left it increasingly vulnerable to cyber threats, according to Trustwave’s 2025 Risk Radar Report for the Hospitality sector. As hotels, resorts, and restaurants integrate advanced technologies like mobile check-in, smart room controls, and AI-powered guest services, they’re also creating expansive attack surfaces, often without the security infrastructure to match. High Value Targets, Low Quality Defenses Hospitality organizations manage massive amounts of personal data, including names, credit card details, passport numbers, and travel itineraries. This makes them a prime target for cybercriminals; 81% admitted experiencing a cyber incident in the past year, while…
The 2022 revision of ISO/IEC 27001 brings a sharper focus on proactive and resilient cybersecurity controls, including requirements around pseudonymization, encryption, and advanced monitoring. With certification to the 2013 version ending soon, organizations need to act fast. This blog breaks down the new control areas introduced in the updated framework and explains how modern security solutions can help you address them, supporting compliance while strengthening your overall security posture. Learn how to embed privacy-by-design and intelligent threat detection using proven, integrated approaches. 11 New Security Controls ISO 27001:2022 introduces 11 new controls all comprised within Annex A, the part of…
