r/Infosec 12h ago

Critical security alert from Google

1 Upvotes

I got this security alert from Google yesterday.

I think it's a false alarm, but how do I confirm? What causes these false alarms? I have experienced similar alarms from Microsoft. When I checked Google, it shows the name of my computer against the suspicious activity. I have removed it from the screenshot:

But I was not doing anything. I only had Chrome open, and my account was not even open in any tab.


r/Infosec 17h ago

Hacking Signal to read Messages - TOFU attack

Thumbnail youtube.com
1 Upvotes

r/Infosec 19h ago

Examining the tactics of BQTLOCK Ransomware and its variants

Thumbnail labs.k7computing.com
1 Upvotes

BQTLock, associated with a Lebanon-based hacktivist group, Liwaa Mohammed, is marketed as Ransomware-as-a-Service (RaaS) on the dark web and on social platforms like X and Telegram. They encrypt files and demand ransoms in Monero (XMR), operating under a double-extortion model.


r/Infosec 1d ago

Is the Wi-Fi slow, or is the filter just doing its job?

0 Upvotes

You set up web content filtering to protect the users, devices, network, basically everything!
They say you’re “killing productivity” because ‘Reddit’s down.’

One user even opened a ticket:

Subject: “Emergency - Need access to YouTube for…research.”

Look, we love memes as much as the next guy.
But malware doesn’t care if it came from a cat video or a phishing scam.

Meanwhile, your web content filter is working overtime like:
Filter first. Apologize never.

So yeah, we block. We filter. We wear the villain cape with pride.
Because one “harmless” click is all it takes for the whole network to catch a digital cold.

You tell me, how many sites have you had to block before someone noticed they couldn’t stream cricket?

And while we’re at it, check how web filtering actually keeps your business out of trouble: Smart Web Filtering Software for business to build a safer workspace.


r/Infosec 1d ago

Reverse voip lookup tools

1 Upvotes

Question. Are there reverse VoIP lookup tools? Had someone spoof a legitimate bank number to try to scam me, and they’ve said they’ll call back to follow up with details on the case. Are there any tools (pirated or otherwise) that can help me figure out who’s actually spoofed the call?


r/Infosec 1d ago

Building a Fortress: Why You Need Multiple Security Layers in Today's Threat Landscape

1 Upvotes

Cybercriminals aren't playing around anymore. They're getting smarter, faster, and more creative with every attack. If you think one security tool can handle everything they throw at you, you're in for a rude awakening.

Here's the thing about cybersecurity – it's a lot like protecting a medieval castle. Sure, you had those massive stone walls, but smart defenders knew that wasn't enough. You needed a moat, guards walking the perimeter, lookout towers, and people ready to sound the alarm when trouble was brewing. Same concept applies to protecting your digital assets today.

Your Digital Security Team

Firewalls: Your Bouncer at the Door

Think of firewalls as the bouncer checking IDs at a nightclub. They decide who gets in and who doesn't based on a set of rules. Today's firewalls are pretty sophisticated – they don't just look at where traffic is coming from, but they can actually peek inside data packets and check if applications are behaving themselves.

But here's the catch: bouncers can only stop the troublemakers they recognize. If someone's got a fake ID that looks legit, they might slip through.

IDS/IPS: The Security Cameras with Attitude

Intrusion Detection Systems are like having security cameras everywhere, constantly watching for weird behavior. Intrusion Prevention Systems take it a step further – they're like security guards who can actually tackle the bad guy when they spot trouble.

These systems are great at catching things like someone trying to break down your digital door with repeated login attempts or suspicious movement between different parts of your network. They're watching for the stuff that doesn't look quite right.

EDR: Your Personal Bodyguard

Endpoint Detection and Response is like having a personal bodyguard for every computer, server, and device in your organization. While the firewall guards the front door, EDR is watching what happens once someone's inside.

Picture this: a hacker tricks an employee into clicking a malicious link. The firewall might not catch it because it looks innocent enough, but EDR is watching that computer like a hawk. The moment something fishy starts happening – boom – it can isolate the device before the problem spreads.

SIEM/SOAR: Mission Control

Security Information and Event Management paired with Security Orchestration is basically your mission control center. It takes all the alerts and information from your firewalls, IDS/IPS, and EDR systems and tries to make sense of it all.

Without this central brain, you'd be drowning in alerts. SIEM/SOAR connects the dots between different events and can automatically respond to threats. It's like having a really smart coordinator who can see the big picture and coordinate the response.

Why This Team Approach Actually Works

Each tool has its own specialty and blind spots. Firewalls are great gatekeepers but can't see everything that happens inside your network. IDS/IPS systems are excellent at spotting network-based attacks but might miss something happening directly on a device. EDR is fantastic at protecting individual endpoints but can't see the network-wide picture.

When you combine them all, you're covering each other's weaknesses. It's like having a security team where everyone has different skills – the result is much stronger than any individual expert working alone.

The Reality Check

Today's attackers aren't just script kiddies throwing random attacks at your walls. They're running sophisticated operations that unfold in stages: they start with something innocent like a phishing email, then quietly explore your network, gradually gain more access, and finally strike with ransomware or data theft.

A layered defense means that even if they get past your first line of defense, you've got backup systems ready to catch them at the next stage. It's about making their job as difficult as possible while giving yourself the best chance to spot and stop them before they achieve their goals.

The organizations that are thriving in today's threat landscape aren't the ones throwing money at the latest shiny security tool. They're the ones building coordinated defense systems where each component works together like a well-oiled machine.

What's your take – do you think having that central command center (SIEM/SOAR) is becoming the most important piece, or are the frontline defenders like firewalls and EDR still the real MVPs?


r/Infosec 2d ago

In 2025, is it worth it to read the book ...

2 Upvotes

Hey everyone, I am new to hacking and wondering if it is a good idea to read the book Hacking: The Art of Exploitation in 2025. I mean, the book is too old; is it worth it in today's world?

I am a mid-level software engineer by profession and interested in infosec, hacking, building and breaking things, and all.

If anyone can share good reads below, that would be a great help. Thanks


r/Infosec 3d ago

From a security perspective, Cosmos Bank’s compromise was brutal. SWIFT server + cloned debit cards = millions gone in hours.

2 Upvotes

Curious if anyone here has done a deeper case study on it. This video intrigued me a ton btw: https://youtu.be/-xC3WIjjBnU?si=tzmlBfsf8sURCWE_


r/Infosec 3d ago

Hardening an old phone to use as a password/secret store

1 Upvotes

I'm using an old phone as a password/secret store. The phone is an Android from a well-known brand and has no SIM; mobile data, Wi-Fi and Bluetooth are all turned off, and airplane mode is turned on. In other words, no wireless connections. The one wired connection is USB-C for charging. I'm using the original branded charger; no surprises there. Strong password on the lock screen, and all other lock types (pattern, fingerprint) turned off. I use one tried and tested password manager app and have not installed any other apps.

Is there anything else I can do to lock down/harden this device? Any other ideas for a completely disconnected/isolated password/secret store?


r/Infosec 5d ago

14-week hands-on cybersecurity university course opens to the world fully online

15 Upvotes

ČVUT (Czech Technical University in Prague) has opened up its 14-week, hands-on, intense, and practical cybersecurity course to anyone in the world. It's free, online, and in English. The syllabus covers both red teaming and blue teaming, with live classes on YouTube and a certificate of completion at the end. There's also a professional track for those who want an EU-recognized official Certificate.

Registration is open until September 15th o/


r/Infosec 4d ago

Thoughts/questions on a strange occurrence involving IoT-enabled products, advertising and security.

1 Upvotes

I just received a marketing email from the maker of a 'smart' product I bought 8-10 years ago. I haven't had any occasion to interact with that company since then; I actually thought they were out of business, as they were a Kickstarter and I didn't think they actually made it.

I dug up their product a few days ago and was charging it, as I thought I might have a use for it again (if it could hold a charge); it's a 'smart' toothbrush. I was going to use it on my dog if it still worked. The brush couldn't hold a charge, so I threw it out.

I know this might be a reach, but does anyone here think our 'smart' IoT products are polling/monitoring our home network activity to gather marketing/advertising data on the household the product is in? We all know Alexa and Google Assistant are doing this via the auditory surveillance they conduct to trigger 'smart' product behavior. But does anyone know of, or think, that some smart devices are monitoring your home network traffic (Wi-Fi or perhaps even Bluetooth) to gather advertising intel? As data harvesting/brokering is a massive industry, I could see how this would be happening. But I'm wondering if I'm just paranoid, or if anyone here actually knows of cases where this is occurring?


r/Infosec 5d ago

What is 'Zero Trust'?

7 Upvotes

r/Infosec 5d ago

AI was used to create working exploits for published CVEs in under 15 minutes and for a $ each

3 Upvotes

r/Infosec 5d ago

AI can be used to create working exploits for published CVEs in a few minutes and for a few dollars

Thumbnail valmarelox.substack.com
1 Upvotes

r/Infosec 6d ago

Shadow MCP - Detection and prevention checklist

Thumbnail github.com
0 Upvotes

r/Infosec 6d ago

Unlock the Hidden Threat in GitHub Attribution

1 Upvotes

r/Infosec 6d ago

Lenovo chatbot Lena: critical XSS vulnerabilities reveal fatal security gaps in AI implementations

0 Upvotes

r/Infosec 7d ago

Oracle’s Longtime Security Chief Leaves in Reorganization

Thumbnail bloomberg.com
4 Upvotes

Fallout from the Oracle Cloud-Health breach continues.


r/Infosec 8d ago

Cybersecurity statistics of the week (August 11th - 17th)

6 Upvotes

Hi guys, I send out a weekly newsletter with the latest cybersecurity vendor reports and research, and thought you might find it useful, so sharing it here.

All the reports and research below were published between August 11th - 17th.

You can get the below into your inbox every week if you want: https://www.cybersecstats.com/cybersecstatsnewsletter/ 

General cybersecurity trends reports 

Blue Report 2025 (Picus)

Empirical evidence of how well security controls perform in real-world conditions. Findings are based on millions of simulated attacks executed by Picus Security customers from January to June 2025. 

Key stats: 

  • In 46% of tested environments, at least one password hash was successfully cracked. This is an increase from 25% in 2024.
  • Infostealer malware has tripled in prevalence.
  • Only 14% of attacks generated alerts.

Read the full report here.

2025 Penetration Testing Intelligence Report (BreachLock)

Findings based on an analysis of over 4,200 pentests conducted over the past 12 months. 

Key stats: 

  • Broken Access Control accounted for 32% of high-severity findings across 4,200+ pen tests, making it the most prevalent and critical vulnerability.
  • Cloud misconfigurations and excessive permissions vulnerabilities were found in 42% of cloud environments that were pen tested.
  • APIs in technology & SaaS providers' environments saw a 400% spike in critical vulnerabilities.

Read the full report here.

Federal Cyber Priorities Reshape Security Strategy (Swimlane)

A report looking at the effects of recent U.S. federal cybersecurity cutbacks. 

Key stats: 

  • 85% of security teams have experienced budget or resource-related changes in the past six months.
  • 79% of IT and security decision-makers say federal defunding has increased overall cyber risk.
  • 79% of UK IT and security decision-makers say growing US cybersecurity instability has made them more cautious with US-based vendors.

Read the full report here.

Global Tech Outages: The High Price of Small Errors (Website Planet)

A study exploring six decades of global tech outage data to reveal the patterns behind these breakdowns (their root causes, common oversights, and the rising financial losses of simple errors).

Key stats: 

  • Security breaches are identified as one of the five most frequent root causes of major tech outages, collectively accounting for nearly 90% of all major outages alongside software bugs, configuration issues, database errors, and infrastructure failures.
  • When combined with configuration and deployment errors, security breaches account for 34% of outages.
  • Security incidents have resulted in an estimated cumulative $29.4 billion in losses from the 38 incidents considered in the dataset.

Read the full report here.

Ransomware 

Targeted social engineering is en vogue as ransom payment sizes increase (Coveware)

Report based on firsthand data, expert insights, and analysis from the ransomware and cyber extortion cases that Coveware manages each quarter.

Key stats: 

  • The median ransom payment in Q2 2025 reached $400,000, which is a 100% increase from Q1 2025.
  • Data exfiltration was a factor in 74% of all ransomware cases in Q2 2025.
  • The industries hit hardest by ransomware in Q2 2025 were professional services (19.7%), healthcare (13.7%), and consumer services (13.7%).

Read the full report here.

AI

The Insider AI Threat Report (CalypsoAI)

Insights into how employees at enterprises are using AI tools. 

Key stats: 

  • 42% of security professionals knowingly use AI against company policy.
  • More than half of the U.S. workforce (52%) is willing to break policy if AI makes their job easier.
  • 35% of C-suite executives said they have submitted proprietary company information so AI could complete a task for them.

Read the full report here.

Securing the Future of Agentic AI: Building Consumer Trust through Robust API Security (Salt Security)

Research into how organizations and consumers are already using agentic AI.

Key stats: 

  • Nearly half (48%) of organizations currently use between 6 and 20 types of AI agents.
  • Only 32% of organizations conduct daily API risk assessments.
  • 37% of organizations have a dedicated API security solution.

Read the full report here.

The Future of AppSec in the Era of AI (Checkmarx)

A report on how AI‑accelerated development is reshaping the risk landscape.

Key stats: 

  • Up to 60% of code is being generated by organizations using AI coding assistants.
  • Only 18% of organizations have policies governing AI use.
  • 81% of organizations knowingly ship vulnerable code.

Read the full report here.

Nearly Half of Employees Hide Workplace AI Use, Pointing to a Need for Openness and Policy Clarity (Laserfiche)

Survey findings on AI adoption in the workplace.

Key stats: 

  • Nearly half of employees are entering company-related information into public AI tools to complete tasks and concealing their AI use.
  • Nearly half of employees (46%) admit to pasting company information into public AI tools.
  • Only 21% of Millennials and 17% of Gen Z avoid using unofficial AI tools at work. 

Read the full report here.

Identity security

Identity Security at Black Hat (Keeper Security)

A survey into identity security conducted at the Black Hat USA 2025.

Key stats: 

  • Just 27.3% of organizations surveyed had effectively implemented zero trust.
  • 30% of respondents cited complexity of deployment as a top obstacle to zero trust implementation.
  • 27.3% of respondents cited integration issues with legacy systems as a top obstacle to zero trust implementation.

Read the full report here.

OT

The 2025 OT Security Financial Risk Report (Dragos)

A report providing statistical modeling that quantifies the potential financial risk of OT cyber incidents and estimates the effectiveness of key security controls.

Key stats: 

  • Indirect losses impact up to 70% of OT-related breaches.
  • Worst-case scenarios for global financial risk from OT cyber incidents are estimated at as much as $329.5 billion.
  • The three OT cybersecurity controls most correlated with risk reduction are: Incident Response Planning (up to 18.5% average risk reduction), Defensible Architecture (up to 17.09%), and ICS Network Visibility and Monitoring (up to 16.47%).

Read the full report here.

MSPs

The State of MSP Agent Fatigue in 2025 (Heimdal)

Research into what’s driving alert fatigue among MSPs. 

Key stats: 

  • 89% of MSPs struggle with tool integration.
  • 56% of MSPs experience alert fatigue daily or weekly.
  • The average MSP now runs five security tools.

Read the full report here.

Geography-specific 

Data Health Check 2025 (Databarracks)

Insights from an annual survey of 500 IT decision-makers based in the UK. 

Key stats: 

  • 17% of organisations hit by ransomware in the past year paid the ransom. This figure is down from 27% in 2024 and 44% in 2023.
  • Organisations are now more than three times more likely to recover from backups than pay the ransom.
  • 24% of organisations have a formal policy never to pay a ransom. This figure is double the figure from 2023.

Read the full report here.

Industry-specific

10th Annual State of Smart Manufacturing (Rockwell Automation)

A 10th annual report based on insights from more than 1,500 manufacturing leaders across 17 of the top manufacturing countries.

Key stats: 

  • 61% of cybersecurity professionals plan AI adoption as manufacturing faces increasing cyber risks.
  • Among external risks to manufacturing, cybersecurity is ranked highly at 30%, coming in second only to inflation and economic growth, which stands at 34%.
  • 38% of manufacturers intend to utilize data from current sources to enhance protection, making cybersecurity a leading smart manufacturing use case.

Read the full report here.

The State of Network Security in Business and Professional Services (Aryaka)

A report on networking and security challenges and trends in business and professional services.

Key stats: 

  • 72% of senior IT and infrastructure leaders in the business and professional services industry identified improving application and SaaS performance as their top strategic networking and security priority.
  • 66% identified securing SaaS and public cloud apps as a top networking and security challenge.
  • Only 38% of business services leaders view edge security as "mission-critical".

Read the full report here.


r/Infosec 9d ago

Help Me: 5-Minute Survey on Vetting Software for Secure Networks

1 Upvotes

Hi all,

I’m conducting a short research survey for InfoSec professionals who approve third-party software/assets before they enter a secure network. It only takes 5 minutes!

Prize: One lucky participant will win a £50 Amazon voucher. Follow me on LinkedIn to see who wins.

Your input will help shape a platform to automate security vetting workflows and reduce manual risk assessments.

Take the survey here: https://docs.google.com/forms/d/e/1FAIpQLSczxEAiRddAd1RvrZX-hecnNw6umrzgwsuPhep-Ld7CfM681Q/viewform?usp=dialog


r/Infosec 11d ago

Hacking Hotspots, Pre-Auth Remote Code Execution, Arbitrary SMS & Adjacent attacks on 5G & 4G/LTE Routers

Thumbnail youtu.be
2 Upvotes

r/Infosec 11d ago

Building a Free Library for Phishing & Security Awareness Training — Looking for Feedback!

9 Upvotes

Hey r/Infosec!

We’re building a free platform for interactive security awareness training — and we’d like your feedback on where to take it next.

Most awareness courses are just slide decks or videos, which don’t build real defensive skills. We’re taking a different approach: a 3D interactive office environment where you handle realistic incidents in real time.

Scenarios include:

  • Inspecting a suspicious email and spotting phishing indicators
  • Handling a scam phone call (vishing) under pressure
  • Downloading a malicious file and seeing the consequences unfold

The goal isn’t just “compliance training” — it’s to make the knowledge stick through realistic simulation.

It’s 100% free. Right now, there are 4 sample exercises on our site, with more on the way. We’d love to hear what other attack vectors, social engineering tactics, or security scenarios you think we should add. And overall feedback about our approach to training :D

Try the ransomware attack simulation: https://securityawareness.online/exercises/ransomware
Full catalog (3 more free exercises): https://securityawareness.online/


r/Infosec 11d ago

Arizona Orthopedics latest to announce PHI exposure related to Oracle Cloud-Health Breach

Thumbnail hipaajournal.com
2 Upvotes

How many more?


r/Infosec 13d ago

The 'Made You Reset' HTTP/2 DDoS Attack: Analysis and Mitigation

Thumbnail tempesta-tech.com
5 Upvotes