Cybercriminals are more sophisticated than ever, a new report from CrowdStrike reveals. Breakout times are falling, social engineering is becoming more common and effective, and cyber espionage – particularly that originating in China – is growing increasingly aggressive. “Our latest research demonstrates that adversaries are becoming more efficient, focused, and business-like in their approach — in many ways, more like the enterprise organizations they prey upon. That’s why our team of security analysts, experts, and authors chose ‘the enterprising adversary’ as the theme for this year’s CrowdStrike Global Threat Report,” said George Kurtz, CrowdStrike CEO and Founder. Cyberattacks Are Faster…
Josh Breaker Rolfe
AI-driven automation and real-time transaction monitoring are the top priorities for organizations seeking to combat fraud, the 2025 Digital Fraud Outlook report published by SEON has revealed. Fraud Budgets Grow, But ROI is Complicated According to the report, 85% of organizations have increased their fraud prevention over the past year, 88% are actively expanding their fraud teams, and 88% spend over 3% of their revenue on fraud prevention. However, SEON warns that organizations must invest strategically to maximize ROI, and existing ROI calculation methodologies may be flawed. The report highlights that 33% of organizations measure ROI based on reduced fraud…
Cybersecurity information sharing is a crucial element of a strong security culture, and organizations should actively facilitate and encourage it to reduce human risk, a new report from KnowBe4 argues. Called “Cybersecurity Information Sharing as an Element of Sustainable Security Culture,” the report was authored by Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, and Dr William Seymour, a Lecturer in Cybersecurity at King’s College London. It examines how people consume and share cybersecurity information to understand the role that workplace training plays in fostering information sharing among colleagues. Why Information Sharing Matters While arguments advocating for cybersecurity awareness training…
Cybersecurity researchers at VulnCheck have exposed internal conversations between members of the Black Basta ransomware group, revealing rare insights into the group’s tactics and actionable advice for cybersecurity defenders. The key takeaway? Black Basta generally prioritizes known weaknesses. Extensive Use of Known Vulnerabilities The report reveals that Black Basta referenced 62 unique security flaws (CVEs) in their internal discussions, 85.5% of which were already being exploited in the wild. Obviously, these are concerning figures, but they have a major silver lining: organizations can take relatively simple steps to protect themselves by reviewing the CVE list and applying patches immediately. Rapid…
Eighty-six percent of commercial codebases contain vulnerabilities, with 81% harboring high-or-critical-risk vulnerabilities, new research from Black Duck has revealed. The 2025 Open Source Security and Risk Analysis (OSSRA) report drives home the massive risk posed by outdated and unmonitored open-source components. It reveals that the average number of open-source files in applications has tripled over the past four years, surging from 5300 in 2020 to over 16000 in 2024. “The 2025 OSSRA report underscores a critical and ongoing challenge for organizations: managing the security and compliance risks inherent in open source software,” said Jason Schmitt, CEO of Black Duck. “As…
Vast numbers of misconfigured Access Management Systems (AMS) across the globe are exposed to the public Internet, researchers from Internet Index Search Solution provider Modat have revealed. The vulnerabilities, which span a wide range of industries—including critical sectors like construction, healthcare, oil, and government—have exposed hundreds of thousands of sensitive employee records, including personal identification details, biometric data, and even work schedules. Routine Assessment Reveals Global Security Crisis In early 2025, the Modat research team embarked on what they thought would be a routine investigation. Using the Modat Magnify tool, they scanned the global security landscape and unearthed something disconcerting:…
Cyberattacks in the automotive industry are on the rise. They’re also becoming more impactful. And the gap between the risk landscape and organizational resilience is growing. Automotive cybersecurity is at a critical moment, and the choice is clear: close the cybersecurity gap or suffer the consequences. Upstream’s 2025 Automotive and Smart Mobility Cybersecurity Report is a critical insight into the state of cybersecurity in the automotive and smart mobility industry. It reveals that the digital revolution supercharging the automotive sector is also making it vulnerable to attack. “Addressing these challenges requires collective action. OEMs, Tier-1, Tier-2 suppliers, and smart mobility providers…
The Inside Man is security training like no other. Now in its sixth season, KnowBe4’s Netflix-style security awareness video series boasts a compelling storyline, memorable characters, and, most noticeably, a budget other training providers could only dream of. But does it actually improve customer security postures? KnowBe4 seems to think so. So, What’s it All About? The series follows Mark Shepherd, a cybercriminal gone legit, and his friends, colleagues, and love interests as they embark on various cybersecurity-related adventures. Previous seasons have seen the ‘Good Shepherd Cybersecurity’ team take on a penetration testing job for an international bank, combat a…
Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay. While, throughout 2024, less than half of recorded incidents resulted in victims paying ransoms, and several major ransomware groups experienced disruption, Chainalysis is quick to mention that attackers are adapting to their new reality, rebranding and deploying new ransomware strains. Changing Victim Behaviors Changing victim behaviors are largely responsible for the fall in ransomware payments, with victims choosing backup recovery and…
Smiths Group, a multinational engineering business, has disclosed a data breach. The company, which is based in London but employs more than 15,000 people in over 50 countries, published a filing to the London Stock Exchange (LSE) on Tuesday saying that it is “currently managing a cyber security incident” involving “unauthorized access to the Company’s systems.” While details of the breach are scant, Javvad Malik, Lead Security Awareness Advocate at KnowBe4, says that it is “a reminder that all organizations, regardless of industry or size, are potential targets of cybercriminals.” Smiths Group Responds Quickly Although the extent of the incident is…
