Technology

Related News

1Password Launches 50% Off Cyber Monday Deal

  • IIC Deals
  • Published date: 2025-12-01 23:00:23

AgileBits’ 1Password has launched its Black Friday and Cyber Monday sale, offering 50% off both its Individual and Families plans. If you’ve been thinking about tightening up your online security, this is one of the best prices the service offers. The Individ…

Securing Nepal’s Digital Future: From Awareness to Action

  • Editor
  • Published date: 2025-12-01 11:48:25

Securing Nepal’s Digital Future: A Deep Dive into Cyber Security Awareness. A multi-stakeholder group focused on cyber security successfully organized a crucial event to celebrate International Computer Security Day. Assembled in under 20 hours, the gathering …

I’m convinced these are the best Cyber Monday deals of the year

  • Lauren Wadowsky
  • Published date: 2025-12-01 11:25:52

Move over Black Friday—Cyber Monday is here! Yes, to all of you who spent Black Friday catching up with family or setting up your Christmas tree, you still have one more day to shop the savings: today! The best Cyber..

Check if your passwords were stolen in huge leak

  • Published date: 2025-11-30 19:30:07

Threat intelligence firm Synthient uncovers one of the largest password exposures ever, prompting immediate security recommendations.

If you have not checked your credentials lately, now is the time. A staggering 1.3 billion unique passwords and 2 billion unique email addresses surfaced online. This event is one of the largest ex…

iVerify Basic

  • Published date: 2025-11-28 23:24:29

iVerify Basic is your gateway to enhanced device security and threat awareness, offering a glimpse into the powerful capabilities of our enterprise-grade solution, iVerify EDR. Designed for individua…

Today’s News in a Nutshell

  • Khabarhub
  • Published date: 2025-11-28 16:15:34

KATHMANDU: Khabarhub brings you a glimpse of major developments of the day in Nepal, including politics, business/economy, sports, entertainment, and more. ‘Compelled by crisis’: President Paudel justifies HoR dissolution President Ram Chandra Paudel has subm…

CI Global Asset Management Announces Estimated Annual Reinvested Capital Gains Distributions for the CI ETFs

  • Business Wire
  • Published date: 2025-11-28 12:10:26

NOT FOR DISSEMINATION TO U.S. NEWSWIRE SERVICES OR FOR DISSEMINATION IN THE UNITED STATES OF AMERICA TORONTO — CI Global Asset Management (“CI GAM”) announces the estimated annual reinvested capital gains distributions (the “Reinvested Distributions”) for the…

NANOG 95

  • Published date: 2025-11-28 03:00:00

NANOG held its 95th meeting in Arlington, Texas in October of 2025. Here's my take on a few presentations that caught my attention through this three-day meeting.

NANOG 95, November 2025. The North American Network Operators Group (NANOG) can trace its antecedents to the group of so-called "Mid Level" networks that acted as feeder networks for the NSFNET, the ba…

UK government’s budget leak: What lessons can be learned?

  • Dr. Tim Sandle
  • Published date: 2025-11-27 21:52:45

Businesses with no formal review process for external communications create significant vulnerability to both accidental disclosures and inaccurate information being published.

Just prior to the British government announcing the budget for 2025 / 2026, the Office f…

Omega deoxyribonucleic acid cryptography key-based authentication

  • Chai Wen Chuah, Jocelyn Tey, Kamaruddin Malik Mohamad
  • Published date: 2025-11-27 00:00:00

Scientific Reports - Omega deoxyribonucleic acid cryptography key-based authentication

Securing AI-Generated Code in Enterprise Applications: The New Frontier for AppSec Teams

  • Bala Thripura Akasam
  • Published date: 2025-11-26 00:00:00

<p>Artificial intelligence is no longer a novelty in software development. It is now writing code that runs in production systems. Tools like GitHub Copilot, ChatGPT and Amazon CodeWhisperer accelerate development cycles and enhance productivity. However, they also add a new layer of application-level risk that many organizations have yet to grasp.</p>
<p>As companies scale up AI-assisted coding, <a href="https://securityboulevard.com/2025/11/securing-ai-generated-code-what-does-it-look-like-in-practice/" target="_blank" rel="noopener">they face a new security challenge</a>: ensuring that machine-generated code meets the same or higher security standards as code written by humans.</p>
<h3>The New Reality: AI as a Developer</h3>
<p>Application security programs were built around predictable, human-driven development.</p>
<p>We train developers on secure coding, implement Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) in CI/CD, and rely on manual reviews to catch what tools miss. But AI shifts the entire landscape.</p>
<p>Large Language Models pull from massive codebases, including open-source projects that may use outdated or insecure patterns. When developers rely on AI to generate code, they often end up with snippets that look clean and correct but overlook things like input validation, proper logging, or authorization checks.</p>
<p>Two key issues make this especially risky:</p>
<ol>
<li>Unknown provenance: We can’t pinpoint where the code came from or confirm whether it aligns with company policies.</li>
<li>Invisible vulnerabilities: Many generated snippets evade detection by traditional scanners because they appear to be semantically correct.</li>
</ol>
<p>Put together, this creates a new kind of “shadow code”: code that runs well and seems fine, but can introduce real security risks.</p>
<h3>Why Traditional Application Security Isn’t Enough</h3>
<p>Most security programs still rely on static and dynamic scanners that look for familiar patterns. However, AI-generated vulnerabilities are often related to logic, rather than syntax. You might get an access-control check that appears fine at first glance but validates the wrong role, or code that completely forgets to include audit logging.</p>
<p>Traditional scanners also assume that a human wrote the code and adhered to common design principles. AI models can merge pieces of unrelated patterns, leading to new vulnerabilities that signature-based tools usually miss.</p>
<p>The result is code that compiles cleanly, passes every automated test and still has serious, exploitable gaps.</p>
<h3>Three Priorities for Application Security Leaders</h3>
<p><i>1. Define “AI Code Governance.”</i></p>
<p>Organizations need to establish a clear policy for using AI in development. Developers must tag AI-generated code in commits, document the tools used and ensure a proper manual review before merging into main branches.</p>
<p>Also, it is crucial to set up a simple approval process. This could mean open-source license reviews for any AI-assisted contribution. This guarantees traceability and accountability in case a future incident comes up.</p>
<p><i>2. Expand Testing to Include Behavior and Context</i></p>
<p>Traditional SAST and DAST are no longer sufficient on their own. Teams need to layer in things like fuzz testing, runtime instrumentation and tools that actually understand how business logic works to catch the kinds of mistakes AI can introduce.</p>
<p>There’s also a new wave of tools explicitly built to spot “AI-style vulnerabilities”. These include things like weak randomness or sloppy data validation. And if your vendor doesn’t offer that yet, it may be worth building some internal models trained on real examples so you can start catching those issues early.</p>
<p><i>3. Train Developers on Secure AI Usage</i></p>
<p>The most effective safeguard is still human oversight. Therefore, developers should be trained to treat anything produced by AI as untrusted until they’ve reviewed it themselves. They also need to be careful not to feed sensitive or proprietary information into public tools, and to double-check any security-sensitive logic before it goes live. These habits should be integrated into your existing secure coding training and built into the SDLC so they become part of the typical workflow.</p>
<h3>A New Mindset: From Shift-Left to Think-Wide</h3>
<p>“Shift-Left” has been a common motto in secure development. What it emphasizes is catching issues earlier. However, in the era of AI, security must also move to a new motto: “Think-Wide.”</p>
<p>Application Security now extends beyond developers to include data scientists, model owners, and compliance teams. Therefore, security professionals need to consider these key questions: What data trained this model? Does it incorporate insecure code from public sources? Can we explain its logic if a vulnerability arises?</p>
<p>This collaboration across different roles showcases the importance of a cultural change in how we view software assurance.</p>
<h3>Turning AI into an Ally</h3>
<p>Despite all the risks, AI can also help improve Application Security. The same models that create insecure code can be trained to produce test cases, examine vulnerabilities, and give suggestions for secure coding fixes on a large scale.</p>
<p>Proactive teams are already introducing “<i>security copilots</i>” that check code and suggest fixes automatically. If handled responsibly, AI could reduce repetitive tasks and help enhance coverage across complex application portfolios.</p>
<h3>Conclusion</h3>
<p>AI-generated code is already part of the enterprise landscape. It’s not going away. The organizations that thrive will be those that adopt this new development model before it becomes the standard.</p>
<p>Application security managers must lead this change by defining governance, improving testing and empowering developers to use AI responsibly.</p>
<p>In the years ahead, Application Security will not just be about protecting human code. It will involve managing the collaboration between humans and intelligent machines.</p>

Are AI Firewalls Worth the Investment?

  • Sergej Kostenko
  • Published date: 2025-11-26 00:00:00

<p>AI is behind a surge in automated, hard-to-detect, and challenging-to-prevent cyberattacks. From <a href="https://securityboulevard.com/2025/11/how-ai-generated-content-is-fueling-next-gen-phishing-and-bec-attacks-detection-and-defense-strategies/" target="_blank" rel="noopener">AI-driven phishing</a> to adversarial AI to ransomware, cybercriminals are choosing their weapons, and they are AI-enabled. The situation is alarming.</p>
<p>AI-powered firewalls are one of the measures organizations can take in response to this. But when it comes to budget, no matter how alarming the situation, a justification must be made.</p>
<h3>The Problem and the Costs That Come With AI-Assisted Cyberattacks</h3>
<p>The <a href="https://cdn.prod.website-files.com/626ff19cdd07d1258d49238d/67c5b7b24b8f30bb4878f9f5_Darktrace%20State%20of%20AI%20Cybersecurity%202025.pdf" target="_blank" rel="noopener">research indicates</a> that almost three-quarters (74%) of IT security professionals say their organizations are experiencing significant impacts from AI-powered threats.</p>
<p>The net result of this increase is felt in data breaches, ransomware attacks, and other harmful security incidents. The average cost of a data breach <a href="https://www.ibm.com/thought-leadership/institute-business-value/en-us/report/2025-threat-intelligence-index">is estimated</a> to be around $4.88 million. Consequently, the <a href="https://www.grandviewresearch.com/industry-analysis/artificial-intelligence-cybersecurity-market-report">AI-powered cybersecurity market</a> is expected to show a CAGR of 24.4% by 2030, from $25.35 billion in 2024. AI firewalls are the next generation, taking on the scourge of cyber threats by fighting AI with AI. However, a business must justify its spending on cybersecurity.</p>
<h3>Is it Really Necessary to Upgrade to an AI-Powered Firewall?</h3>
<p>AI-powered firewalls are optimized to detect sophisticated emerging threats posed by AI-assisted cyberattacks. They use behavioral analysis and anomaly detection to detect unusual and suspicious activities within milliseconds. The technology self-learns and adapts to the changing environment, predicting patterns and identifying potential threats before they become an incident. Conversely, non-AI technologies cannot detect anomalous patterns as their activity is based on predefined and static rules.</p>
<p>Another aspect of AI-powered firewalls that is missing from their traditional counterparts is the ability to perform deep packet inspection. This capability provides the means to learn about attack techniques, tactics, and processes as they happen. AI firewalls also self-adapt and self-adjust policies based on a real-time assessment without human intervention. The benefit of integration with CMS systems means that threat intelligence can be shared with security information and event management systems (SIEM) to enhance cybersecurity.</p>
<h3>What are the Challenges of AI-Powered Firewalls?</h3>
<p><b>AI-powered firewalls can be expensive</b>: Implementation is a cost barrier, as it can take time to realize value (time-to-value, TTV). The amount of time depends on the scale of the company, business, or government authority. It is important to evaluate implementation variables, as some AI-based firewalls can be lengthy to implement, often taking weeks to deploy. Affordability, especially for smaller organizations, can be off-putting. However, cloud-based AI firewalls working in a virtual machine provide value for money and cost-effectiveness.</p>
<p><b>False positives</b>: Some AI-powered firewalls may have issues with false positives, leading to IT overhead in dealing with them. Subsequent alert fatigue can also be an issue, resulting in missed threats. Since these systems rely on AI, resolving false positives isn’t as simple as adjusting traditional rules; it requires retraining the underlying AI models.</p>
<p><b>Privacy issues and compliance</b>: AI-powered firewalls utilize vast amounts of data, which could potentially impact data privacy regulatory compliance. Ensure that your AI-powered firewall uses privacy-enhancing technologies like data masking and anonymization and can perform compliance checks.</p>
<p><b>Lack of in-house AI expertise</b>: Many smaller organizations lack AI expertise, making it difficult to evaluate, manage, and maintain an AI-powered firewall.</p>
<h3>The Cost-Benefit of AI-Powered Firewalls</h3>
<p><b>Predictive threat hunting:</b> The Return on Investment (ROI) when deploying an AI-powered firewall is felt most keenly in the impact of unknown or emerging cyber threats. Add to this the fact that in early 2025, organizations faced an average of <a href="https://blog.checkpoint.com/research/q1-2025-global-cyber-attack-report-from-check-point-software-an-almost-50-surge-in-cyber-threats-worldwide-with-a-rise-of-126-in-ransomware-attacks/" target="_blank" rel="noopener">1,925 cyberattacks every week</a>.</p>
<p><b>Noncompliance with regulations</b>: The cost of fines for data breaches can be high. For example, GDPR noncompliance can cost up to 4% of annual turnover or 20 million euros, whichever is higher.</p>
<p><b>Migration costs:</b> Migration from traditional firewalls to AI firewalls may seem costly. However, if there has been a large investment in traditional firewall technology, some AI firewalls can coexist with the traditional install base. Indeed, this hybrid model can be highly efficient. The AI engine detects malicious traffic, sharing this intelligence with the traditional firewall to block the traffic.</p>
<h3>ROI to Justify an AI-Powered Firewall</h3>
<p>The ROI of an AI firewall must take multiple variables into account. Each ROI calculation will be on a per-company basis. However, the general form of the ROI equation is as follows:</p>
<p><b>Annual cost of security incidents</b>: Estimate your current risk levels and associated costs based on metrics from research by analysts and vendors. Include risks such as impact on customer loyalty; for example, <a href="https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-infographic-2025.pdf" target="_blank" rel="noopener">95% of organizations</a> believe their customers would not buy from them if they did not protect data properly.</p>
<p><b>Annual cost of AI-powered firewall:</b> Will differ depending on the organization’s size and whether it is delivered via an MSP. For example, Edge-AI solutions may start at $0.5/device/month, with costs varying based on the number of devices and overall infrastructure complexity.</p>
<p>There is also an option to connect an external threat feed to your existing firewall, which will provide instructions on what threats to block. The AI itself will reside in a separate platform that analyzes all the data. This approach makes the transition to an AI-powered firewall more cost-effective.</p>
<p>Further justification comes from the <a href="https://www.ibm.com/reports/data-breach" target="_blank" rel="noopener">IBM study</a>, which found organizations that used AI security prevention solutions saved a dramatic USD $2.22 million compared to those that didn’t. This is around a 45% cost saving by using AI to fight AI.</p>
<h3>Conclusion</h3>
<p>AI-powered firewalls are a lifesaver across all sectors as cybercriminals exploit AI for nefarious purposes. Attackers place a massive burden on organizations to respond accordingly. With the right type of architecture, an AI firewall can be cost-effective and easy to deploy and integrate into existing security stacks. A cloud-based, scalable AI-powered firewall can justify your purchase of this technology.</p>

AI Cybercriminals Target Black Friday and Cyber Monday

  • Amogh Hiremath
  • Published date: 2025-11-26 00:00:00

<p><span data-contrast="auto">The holiday shopping season no longer starts with doorbusters or glittering storefronts. It now begins with a surge of AI-assisted malicious activity that accelerates faster than any retail promotion. In the weeks leading <a href="https://securityboulevard.com/2025/11/would-your-business-survive-a-black-friday-cyberattack/" target="_blank" rel="noopener">up to Black Friday</a> and Cyber Monday, phishing campaigns rise by nearly seven hundred percent and compromised credentials increase by more than 160%. These are not random spikes. They signal the activation of a parallel criminal economy that treats the holiday calendar as a strategic window of profitability. This underground market has evolved into a structured commercial sector powered by automation, synthetic identities and generative AI that can craft convincing lures, clone trusted communication patterns and scale credential attacks with machine precision. It is no longer a loose collection of opportunists. It is an AI-enabled industry built on intrusion and data theft, and it grows louder every time the retail world gets busy.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">AI Turns Holiday Scams Into Precision Operations</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">This ecosystem mirrors legitimate retail behaviour. Generative models craft credible phishing messages in seconds. Fake storefronts appear with layouts identical to trusted brands, blending perfectly into the seasonal shopping landscape. Messages reference shipping delays, abandoned carts and limited stock, all tuned to match consumer expectations. Automated bot networks run credential stuffing campaigns that resemble natural user traffic, shifting devices and altering behaviour to avoid detection. 
Holiday traffic becomes camouflage and AI becomes the driving engine of scale.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Phishing Evolves into Full-Service Deception Engines</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">The phishing problem has transformed completely. Errors that once exposed scams are gone. Now, emails and messages are fluent, localized and structured to match brand language. AI assistance has made this possible. Attackers deploy humanlike support bots and voice-cloned callers who speak with the familiarity of legitimate customer service teams. Fake tracking portals and delivery updates steal passwords and payment information with interfaces that appear indistinguishable from reputable providers.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Accounts Become the New Entry Points for Holiday Fraud</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Account compromise has matured into a deeply adaptive threat. Attackers rely on massive credential dumps and automated systems that behave like genuine shoppers. They rotate browser signatures, switch IP addresses and time login attempts to coincide with peak shopping patterns. Once inside an account, they act quickly. They change delivery addresses, drain loyalty balances, initiate unauthorized purchases or exploit refund systems built for seamless customer experiences. A simple login event becomes the gateway to more complex forms of fraud.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">When Code Replaces Cash Registers: Payment Skimming’s Rise</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Payment skimming remains one of the most profitable seasonal threats. Retail platforms rely on numerous third-party scripts for personalization, analytics and checkout. 
Criminal groups target these dependencies to inject silent skimming code. One compromised script can capture thousands of card numbers during the busiest shopping days of the year.</span><span data-ccp-props="{}"> </span></p><p><a href="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.20.png"><img fetchpriority="high" decoding="async" class="aligncenter wp-image-2077315 size-full" src="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.20.png" alt="" width="526" height="312" srcset="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.20.png 526w, https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.20-300x178.png 300w" sizes="(max-width: 526px) 100vw, 526px"></a><br><span data-contrast="auto">Image 1: Distribution of major holiday season cyber threats.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Luxury Labels Face a Higher Class of Cybercrime</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Luxury brands face heightened risk due to the value and sensitivity of their customer data. Wealth profiles, purchasing behaviours and high limit payment tendencies create a lucrative target set. Recent attacks against major luxury houses often start with the compromise of external marketing platforms or CRM systems. Criminals use these footholds to exfiltrate entire customer databases, later weaponizing the information in targeted identity theft and bespoke social engineering campaigns. 
The damage impacts brand exclusivity, reputation and long-term customer trust.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Ransomware Timing and Attack Chains Converge Into a Single High-Impact Playbook</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Ransomware actors time their operations to the holiday shopping calendar, striking when disruption hurts the most and retailers are least able to absorb downtime. Groups such as Clop, BianLian, Qilin, DragonForce, BlackCat, FunkSec and RansomHub typically begin with a quiet infostealer foothold, move laterally, catalogue valuable data and delay encryption until they have gathered enough leverage to force a response. Their activity, however, is only one part of a broader chain of behaviours. Modern attackers do not operate through isolated incidents but through sequenced actions that fold into one another. A stolen cookie or password becomes the opening point of access. That access enables order manipulation or refund abuse. These manipulations grow into unauthorized gift card purchases, payment fraud and eventually identity theft. 
To most victims the visible symptom is the only part they notice, yet the true intrusion is a multi-step progression that criminals refine and repeat across retail environments every holiday season.</span><span data-ccp-props="{}"> </span></p><p><a href="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.33.png"><img decoding="async" class="size-full wp-image-2077316 aligncenter" src="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.33.png" alt="" width="649" height="340" srcset="https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.33.png 649w, https://securityboulevard.com/wp-content/uploads/2025/11/Screenshot-2025-11-26-08.34.33-300x157.png 300w" sizes="(max-width: 649px) 100vw, 649px"></a><br><span data-contrast="auto">Image 2: Threat activity continues to rise year over year across retail and luxury.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">How Fraudsters Lure Shoppers With Black Friday Mirage Deals</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Consumer-facing scams reflect the same sophistication. Unrealistic discounts circulate from accounts created days earlier. Fake sites lack privacy notices or proper contact information. Instead of standard checkout options, they request bank transfers or cryptocurrency, which are preferred by organized groups. Impersonated URLs mislead shoppers with minor character changes. Urgency completes the deception with timers and warnings of low stock. 
Agencies like the United Kingdom’s NCSC encourage forwarding suspicious emails to reporting services and recommend using credit cards for added consumer protection.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Security in Retail Can No Longer Be a Periodic Checklist</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">Defensive posture must operate in real time. Vendor oversight, restricted access and continuous monitoring of external scripts are foundational requirements. Authentication systems must evaluate behavioural signals. High-risk transactions require additional verification. Retailers must monitor for lookalike domains and cloned storefronts and coordinate rapid takedowns. Incident response teams should rehearse scenarios involving credential abuse, checkout manipulation and rapid data theft to reduce reaction time.</span><span data-ccp-props="{}"> </span></p><h3><b><span data-contrast="auto">Retailers That Keep Pace Will Survive This Season’s AI Crimewave</span></b><span data-ccp-props="{}"> </span></h3><p><span data-contrast="auto">The pattern across recent incidents is clear. Criminal groups scale their operations with the precision of large enterprises and AI amplifies their reach. Organizations that adopt real-time monitoring, adaptive analytics and fast response workflows will maintain resilience through the holiday shopping season. Cybersecurity partners that provide continuous threat detection and incident readiness can help businesses match the tempo of AI-driven adversaries.</span></p><p><span data-contrast="auto">The holiday rush will always reward speed and attackers know it well. AI now gives them the advantage to move faster than most retailers expect. The organizations that stay ahead are the ones that monitor constantly, validate trust at every step and respond before small anomalies turn into real incidents. 
</span></p>

INE Expands Cross-Skilling Innovations

  • None
  • Published date: 2025-11-26 00:00:00

<p class="sc-iYsSXP hbVeNb"><span><strong>Cary, North Carolina, USA, November 26th, 2025, CyberNewsWire</strong></span></p><p></p><p><strong>New courses, certifications, and hands-on training strengthen workforce readiness.</strong></p><p><a target="_blank" rel="nofollow noopener" href="http://www.ine.com/?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all">INE</a>, the leading provider of hands-on IT and Cybersecurity training and industry-recognized certification prep, today announced a significant expansion of its learning portfolio, reaffirming its commitment to empowering technology professionals with the skills they need to thrive.</p><p>As organizations across the globe accelerate their adoption of cloud, AI, automation, and advanced security technologies, IT teams must remain more adaptable than ever. INE continues to meet this demand by releasing new, high-impact content and refreshing existing learning paths to ensure learners stay aligned with industry standards, master emerging tools, and build real-world, muscle-memory expertise.</p><p><strong>Expanding Content for Today’s Most In-Demand Skills</strong></p><p>Over the last quarter, INE has rolled out a wide range of new courses, hands-on labs, and certification prep resources designed to help professionals cross-skill and upskill within one integrated training platform. 
New and updated content includes:</p><ul> <li><strong>AI in Automation Course</strong> — Now part of INE’s Cisco certification prep, enabling learners to integrate AI-driven automation capabilities into modern enterprise infrastructures.</li> <li><strong>Enterprise Network Design Scenarios</strong> — Advanced modules supporting CCIE Enterprise Infrastructure candidates with realistic scenario-based design and troubleshooting.</li> <li><strong>Updated INE Security Certifications &amp; Prep</strong> — Enhancements to <a target="_blank" rel="nofollow noopener" href="https://ine.com/security/certifications/ecir-certification?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all">Certified Incident Responder (CIR)</a> and <a target="_blank" rel="nofollow noopener" href="https://ine.com/security/certifications/ecthp-certification?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all">Certified Threat Hunting Professional (CTHP)</a> programs, ensuring security specialists train on current adversarial tactics and defense strategies.</li> <li><strong>Expanded Certification Prep for Industry-Leading Vendors</strong> — Including updated pathways for CISSP, CompTIA Security+, and Network+.</li> <li><strong>New </strong><a target="_blank" rel="nofollow noopener" href="https://ine.com/certifications/data-science/ejds-certification?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all"><strong>Junior Data Scientist (eJDS)</strong></a><strong> Learning Path &amp; Certification</strong> — A guided, practical path designed to 
introduce learners to Python, data analysis, machine learning foundations, and real-world data workflows.</li> </ul><blockquote><p>“Technology doesn’t stand still, and neither should the people who power it,” said Lindsey Rinehart, INE Chief Executive Officer. “Our goal is to give learners one place to grow from novice to expert, with continuously refreshed, hands-on content that reflects what top employers need right now.”</p></blockquote><p><strong>A Platform Built for Real Skill Development</strong></p><p>INE’s training model emphasizes hands-on learning, scenario-based exercises, and progressive skill-building paths. Learners can practice concepts in real environments, gaining practical experience that transfers directly to on-the-job performance. Through this approach, INE enables individuals and teams to build lasting, applied knowledge rather than rely on passive video training.</p><p><strong>Supporting Professionals on Their Learning Journey</strong></p><p>In an effort to make high-quality technical training accessible to as many professionals as possible, INE is also offering limited-time pricing during the Black Friday period. These offers provide reduced-cost access to INE’s most comprehensive training plans and certifications, supporting learners at every stage of their career development.</p><p>Learners can choose from bundles that include annual subscriptions, certification vouchers, and hands-on labs, saving up to $750! For the first time, INE is offering the INE Premium Subscription for 50% off to ensure the most comprehensive training subscription is accessible to learners at every level. 
</p><p>To learn more about INE’s commitment to accessible, high-impact training—and to explore this year’s limited-time Black Friday opportunities—users can visit <a target="_blank" rel="nofollow noopener" href="https://learn.ine.com/promo/black-friday-2025?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all">https://learn.ine.com/promo/black-friday-2025</a>. </p><p><strong>About INE</strong></p><p><a target="_blank" rel="nofollow noopener" href="http://www.ine.com/?utm_source=cyberwire&amp;utm_medium=referral&amp;utm_campaign=ine-announces-black-friday-savings-november-2025&amp;utm_content=ine-announces-black-friday-savings-november-2025_press-release&amp;utm_term=all">INE x INE Security</a> is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. 
INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.</p><h5>Contact</h5><p><span><strong>Chief Marketing Officer</strong><br></span><span><strong>Kim Lucht</strong><br></span><span><strong>INE</strong><br></span></p>

The Cyber Resilience Act and SaaS: Why Compliance is Only Half the Battle

  • Ariel Parnes
  • Published date: 2025-11-26 00:00:00

<p><span data-contrast="auto">The European Union’s Cyber Resilience Act (CRA) has captured global attention because of the </span><span data-contrast="auto">new approach it brings to regulating software and connected products</span><span data-contrast="auto">. The CRA doesn’t stop at compliance checkboxes. It introduces four principles that reshape how vendors must think about security: Products should launch without known vulnerabilities, security must be built in from the design phase, vulnerabilities must be managed across the entire lifecycle, and vendors must be prepared to deliver rapid updates when issues arise. The common thread is clear. <a href="https://securityboulevard.com/2025/11/rethinking-cyber-resilience-in-the-age-of-ai/" target="_blank" rel="noopener">Resilience needs to be embedded from the start</a> rather than bolted on after incidents.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><p><span data-contrast="auto">Though born in Europe, the CRA’s influence will eventually spread far beyond EU borders. Global vendors cannot realistically maintain different development and security standards across markets. Like the General Data Protection Regulation (GDPR) before it, the CRA will shape how products are built, shipped, and maintained worldwide. U.S. companies should pay close attention, not only because they may fall under its scope, but also because domestic regulators are moving in the same direction. 
The SEC’s new disclosure rules, the FTC’s scrutiny of negligent practices, and the growing number of state-level data protection laws all point to a world where resilience isn’t a “nice to have.”</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><h3><b><span data-contrast="auto">SaaS as the CRA’s Proving Ground</span></b><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></h3><p><span data-contrast="auto">Software-as-a-service (SaaS) is one of the most overlooked proving grounds for CRA principles. SaaS applications are now the backbone of modern organizations, from sales and finance to HR and engineering. They are also a prime target for attackers, precisely because they sit at the intersection of sensitive data, federated identity and complex integrations.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><p><span data-contrast="auto">The recent </span><a href="https://www.bleepingcomputer.com/news/security/salesloft-march-github-repo-breach-led-to-salesforce-data-theft-attacks/" target="_blank" rel="noopener"><span data-contrast="none">Salesloft breach</span></a><span data-contrast="auto"> shows why CRA-style requirements matter here. In March, attackers </span><a href="https://trust.salesloft.com/?uid=Update+on+Mandiant+Drift+and+Salesloft+Application+Investigations" target="_blank" rel="noopener"><span data-contrast="none">compromised a GitHub workflow</span></a><span data-contrast="auto">, stole OAuth tokens, and leveraged them to access Salesforce environments connected to Salesloft. This was not a traditional exploit of unpatched software, but it did involve weaknesses in the vendor’s security practices. 
Stronger controls, rapid patching, immediate reporting and more secure development pipelines – the exact requirements envisioned by the CRA – would have reduced the likelihood and impact of such an incident.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><p><span data-contrast="auto">In this sense, the CRA provides a useful framework for SaaS vendors. “No known vulnerabilities” at launch, a continuous vulnerability management process and lifecycle security obligations together set a baseline for responsible SaaS development.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><h3><b><span data-contrast="auto">Why Compliance Alone Won’t Stop the Next Breach</span></b><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></h3><p><span data-contrast="auto">But this is only half the story. Even the most diligent vendor can ship a service that is technically free of known vulnerabilities, and customers may still find themselves compromised. Some of the most dangerous attacks don’t exploit software flaws. They exploit people.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><p><span data-contrast="auto">The wave of vishing campaigns targeting </span><a href="https://www.mitiga.io/blog/how-threat-actors-used-salesforce-data-loader-for-covert-api-exfiltration" target="_blank" rel="noopener"><span data-contrast="none">Salesforce customers</span></a><span data-contrast="auto"> shows this clearly. Groups like ShinyHunters convinced employees to hand over valid Salesforce credentials through phone and voice phishing schemes. With real logins in hand, attackers moved laterally, accessed sensitive records and exfiltrated data. 
No unpatched vulnerability was needed.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><p><b><span data-contrast="auto">Attackers don’t break in. They log in.</span></b><span data-contrast="auto"> When valid credentials or tokens are abused, the principle of lifecycle security and even strong vulnerability handling are not enough. Prevention-focused approaches are bypassed entirely, underscoring the need for resilient defenses.</span><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></p><h3><b><span data-contrast="auto">Shared Responsibility is the Only Way Forward</span></b><span data-ccp-props='{"134233117":true,"134233118":true,"201341983":0,"335559740":240}'> </span></h3><p><span data-contrast="auto">This brings us to the heart of the matter: SaaS security is inherently a shared responsibility. The CRA rightfully raises the bar for vendors, demanding secure-by-design practices, vulnerability handling and timely updates. 
But customers cannot outsource all accountability.</span></p>
<p>Vendors must:</p>
<ul>
<li>Harden their code, pipelines and integrations.</li>
<li>Provide rapid updates and transparency when vulnerabilities are found.</li>
<li>Build in protections against unauthorized access.</li>
<li>Report exploited vulnerabilities or incidents quickly to the authorities.</li>
</ul>
<p>Customers must:</p>
<ul>
<li>Monitor how identities are used across SaaS applications.</li>
<li>Detect and respond to suspicious logins, anomalous activity, or unauthorized integrations.</li>
<li>Educate employees to resist social engineering and phishing campaigns.</li>
<li>Integrate SaaS events into detection and response workflows.</li>
</ul>
<p>Resilience in SaaS comes not from compliance checkboxes, but from this balance. Vendors secure the foundation, and customers build vigilance on top of it. Both sides must act.</p>
<h3><b>A Preview of What’s Coming</b></h3>
<p>The CRA points the way for global regulation: Resilience, accountability and lifecycle security. U.S. regulators may not choose to adopt the exact same framework, but the principles are already visible in SEC disclosure mandates and FTC enforcement. For companies operating in the U.S., the safest path is to prepare as if CRA-style rules are inevitable.</p>
<p>Organizations must do both: Hold vendors accountable and build detection and response capabilities for when attackers inevitably log in. Organizations that treat resilience as a partnership – vendors building secure platforms, customers monitoring identity and activity – will be far better positioned than those who view compliance as a finish line.</p>
<h3><b>Resilience Demands Shared Responsibility</b></h3>
<p>The Cyber Resilience Act is a step forward for software security, and SaaS vendors should embrace its principles. But it would be a mistake to assume that compliance alone will deliver resilience. As the Salesloft breach shows, vendor practices matter. As the Salesforce vishing campaigns show, so does customer vigilance.</p>
<p>Attackers in the SaaS era exploit both technology and people. They don’t break in. They log in. The only way forward is shared responsibility. Vendors and customers must accept that resilience is a joint mission. Those who act on that understanding will not only stay ahead of regulators but will also be ready for the next wave of attacks.</p>

Speaking Freely: Laura Vidal

  • Jillian C. York
  • Published date: 2025-11-25 23:57:59

Interviewer: Jillian York Laura Vidal is a Venezuelan researcher and writer focused on digital rights, community resilience, and the informal ways people learn and resist under authoritarian pressure. She holds a Doctorate in Education Sciences and intercul…

Interviewer: Jillian York Laura Vidal is a Venezuelan researcher and writer focused on digital rights, community resilience, and the informal ways people learn and resist under authoritarian pressur… [+31364 chars]

The EFF we need now

  • Ben Werdmuller
  • Published date: 2025-11-25 15:50:56

Why the next era of digital civil liberties requires a tighter mission, a bolder strategy, and a clearer view of how power works.

I used to walk past a nondescript grey office building at the intersection of 2nd and Folsom in San Francisco. It’s the kind of corporate architecture that litters every city but nobody really loves: … [+16365 chars]

SCI Semiconductors expressed interest in setting up a GCC in Bengaluru: Industries Minister MB Patil

  • BL Bengaluru Bureau
  • Published date: 2025-11-25 13:57:58

SCI Semiconductors plans to establish a Global Capability Centre in Bengaluru, boosting local microprocessor manufacturing and investment opportunities.

UK-based SCI Semiconductors has expressed interest in establishing a Global Capability Centre (GCC) in Karnataka. This move is expected to pave the way for the local manufacture of hardware-secured m… [+2434 chars]

Tech predictions for 2026 and beyond

We’ve caught glimpses of a future that values autonomy, empathy, and individual expertise. Where interdisciplinary cooperation influences discovery and creation at an unrelenting pace. In the coming year, we will begin the transition into a new era of AI in t…

For much of the world, technology has become so intertwined with our day-to-day lives that it influences everything. Our relationships, the care we seek, how we work, what we do to protect ourselves,… [+26045 chars]

ExpressVPN is still the most expensive VPN in our top 5, but here's why it's worth checking out

  • Rene Millman
  • Published date: 2025-11-25 10:53:19

ExpressVPN isn't joining the race to the bottom this Black Friday. We dig into why its premium price might just be worth it for your digital security needs.

For most people, Black Friday means one thing: deep discounts on products and services they’ve been eyeing all year. The VPN market is no different, with a flood of Black Friday VPN deals promising e… [+2801 chars]

University Open Source Investigation Labs: A Conversation Between Queen’s University Belfast and the Hertie School

  • Lydia Millar
  • Published date: 2025-11-25 08:00:55

[Lydia Millar is a PhD candidate at Queen’s University Belfast and manager of the Digital Investigation Lab at the School of Law. Filipe Castillejo Gaitán is a Colombian Human Rights and OSINT Researcher, former co-coordinator of the Hertie School Digital Ver…

[Lydia Millar is a PhD candidate at Queen’s University Belfast and manager of the Digital Investigation Lab at the School of Law. Filipe Castillejo Gaitán is a Colombian Human Rights and OSINT Resea… [+13422 chars]