Industry News: ESG5

2025-11-26

CSO Online: A seasonal surge in malicious activity combined with alliances between ransomware groups led to a 41% increase in attacks between September and October. Cybercriminal group Qilin continues to be the most active ransomware paddlers, responsible for 170 of 594 attacks (29%) in October, NCC Group reports.

Read more...

2025-11-26

SecurityWeek: Founded in 2023 by veteran cybersecurity experts, Opti has built an AI-native identity and access management (IAM) platform. The company’s solution is powered by a context-aware engine that continuously monitors access and risks across identities and applications, enabling security teams to define, govern, and protect identities.

Read more...

2025-11-25

Investment News: The Securities and Exchange Commission has levied a $325,000 penalty against M Holdings Securities for failing to maintain adequate cybersecurity safeguards across its nationwide network of member firms, marking the latest enforcement action targeting inadequate information security practices in the wealth management industry.

Read more...

2025-11-24

TechCrunch: Several U.S. banking giants and mortgage lenders are reportedly scrambling to assess how much of their customers’ data was stolen during a cyberattack on a New York financial technology company earlier this month.

Read more...

The Target:​ Checkout operates checkout.com and is a global payment processing firm that provides a unified payments API, hosted payment portals, mobile SDK, and plugins to use on existing platforms.

The Take: Checkout says the threat actor, known as ShinyHunters, gained access to a third-party legacy system that had not been properly decommissioned, which held merchant data from 2020 and earlier, including internal operational documents and onboarding materials

The Vector: Upon investigation, Checkout determined that this data was obtained by the threat actor gaining unauthorized access to a legacy third-party cloud file storage system, used in 2020 and prior years.

This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.

Read more...

2025-11-20

Yahoo Finance: The Securities and Exchange Commission said it was dropping a landmark civil fraud case against SolarWinds and Tim Brown, the company’s chief information security officer. 

Read more...

2025-11-19

Forbes: You’ve heard it before: Security is no longer a luxury or nice-to-have—it’s an operational imperative. But has your organization really taken the necessary steps needed to protect itself?

Read more...

2025-11-19

SecurityWeek: Chronosphere explains that its platform enables teams to “zero in on the data that’s most useful” and provides insights into every layer of their stack — from the infrastructure to the applications to the business.

Read more...

2025-11-18

PR Newswire: Nudge Security, the leading innovator in SaaS and AI security governance, announced Series A funding of $22.5 million led by Cerberus Ventures with participation from existing investors Ballistic Ventures, Forgepoint Capital, and Squadra Ventures.

Read more...

2025-11-18

CFO Dive: Financial industry CFOs have faced an “an unprecedented tightening of cybersecurity oversight” in recent years, with new rules from entities such as the Federal Trade Commission and the New York State Department of Financial Services, according to the report.

Read more...