UK Retail Hack Was ‘Subtle, Not Complex,’ Says River Island CISO

The recent cyber-attacks on UK retail companies, such as Marks & Spencer, Co-op and Harrods, are a “wake-up call” for the retail sector and beyond, according to Sunil Patel, Information Security Officer at British fashion brand River Island. Speaking at Infosecurity Europe 2025 on June 3, Patel said the techniques used by the threat group linked to the hacks, Scattered Spider, were “elegant and subtle, but not as complicated as we imagine.” “A combination of social engineering – potential…

Phishing Campaign Uses Fake Booking.com Emails to Deliver Malware

A widespread phishing campaign spoofing Booking.com has been observed targeting the hospitality industry with malicious emails that trick recipients into downloading malware, according to researchers at Cofense Intelligence. These attacks use a deceptive CAPTCHA system known as ClickFix, which coaxes victims into running malicious scripts on their Windows devices.

Malware Surge Tied to Booking.com Spoofs

Active since November 2024, the campaign peaked in March 2025, accounting for 47% of its total activity. Emails impersonating Booking.com were…

Widespread Campaign Targets Cybercriminals and Gamers

A large-scale operation planting malicious code in open-source projects on GitHub has been uncovered by cybersecurity researchers. The scheme, centered on a developer using the alias ischhfd83, involves over 130 backdoored repositories disguised as malware tools or game cheats.

A Booby-Trapped Malware Toolkit

The investigation began when a Sophos customer queried the safety of a GitHub-hosted project called Sakura RAT. While the tool itself appeared broken, researchers found it contained a hidden backdoor, targeted not…

Author of the Month: Bridget Kenyon – IT Governance Blog

ISO 27001 Controls – A guide to implementing and auditing

Bridget Kenyon is the CISO (chief information security officer) for SSCL. She’s also been on the ISO editing team for ISMS (information security management system) standards since 2006, and has served as lead editor for ISO/IEC 27001:2022 and ISO/IEC 27014:2020. Bridget is also a member of the UK Advisory Council for (ISC)2, and a Fellow of the Chartered Institute of Information Security. She’s also been a PCI DSS QSA…

#Infosec2025: Device Theft Causes More Data Loss Than Ransomware

Phishing-related data breaches are the leading causes of data loss, followed by misconfigurations and stolen devices, according to a new survey from data erasure solution provider Blancco. The firm commissioned research agency Coleman Parkes to survey 2000 cybersecurity, IT and sustainability leaders from large enterprises across several countries and industries about their data security and data resilience practices. The results, published on June 4 in Blancco’s 2025 State of Data Sanitization Report, showed that 86%…

Data mesh: The secret ingredient in enterprise AI success

However, unlocking the complete benefits that enterprise AI stands to offer is very difficult without a data mesh in the mix. Data mesh may not be a prerequisite for building AI, but it’s an essential complementary technology for building AI solutions that actually create business value.

What is a data mesh?

A data mesh is a type of data architecture that enables decentralized ownership of data. Most data meshes work by connecting the various data…

AI governance platforms wait for customers to catch up

Agentic AI initiatives, where AI makes decisions autonomously, will drive broader adoption of AI governance platforms as the technology expands, says Litan. “Agentic is so unpredictable and can go off the rails so easily that it’ll have to be reined in with controls,” she says. Today, many companies use manual reviews and policies, but autonomous agents, when they take off over the next two years, will move so fast that companies won’t be able to…

Upgrade or else, SAP warns as end of S/4HANA Compatibility Pack licensing nears

The majority of the packs are now redundant, though, said SAP’s SVP of ERP Product Marketing Maura Hameroff. “With our [S/4HANA] release of 2023, we delivered all of the scenarios. … We removed all of the technical blockers that were slowing customers down,” she said. With those blocks removed, SAP made it clear in a 2022 blog post updated in February 2025 that both the right to use Compatibility Packs, and all support for them,…

The Future of Cybersecurity Standards for Global Federal Energy Systems

According to a report, 71% of energy industry professionals consider their organizations more vulnerable to OT cyber events than ever. These are private organizations, but the stakes are much higher for government-owned systems. Government-owned energy systems such as national grids, nuclear facilities, pipelines, and strategic reserves are foundational to national sovereignty and public welfare. In essence, attackers do not only target them for their economic value but because their failures can cascade across sectors. Unfortunately, these…

#Infosec2025: Startups Focus on Visibility and Governance, not AI

Startups and fast-growing security vendors are avoiding labelling their products as using AI, as they look to attract both enterprise customers and investors. Instead, newly founded businesses are focusing on filling gaps in CISOs’ existing security measures. These include giving security teams better insights into their operations; governance, risk and compliance (GRC); and attack surface management (ASM). Startups are also identifying areas where CISOs can save money on their security budgets and reduce the number…
