According to the newly released 2025 Security Budget Benchmark Report by IANS Research and Artico Search, average security budgets grew by only 4% year-over-year, half the 8% growth recorded in 2024 and the slowest rate in five years.

The slowdown comes amid a turbulent global economy shaped by geopolitical instability, tariff uncertainties, inflation, and fluctuating interest rates. The report notes that companies are becoming more cautious in their spending, with cybersecurity budgets feeling the pinch more than in previous years.

One of the clearest consequences of the slowdown is in hiring. Only 47% of CISOs reported a budget increase this year, down from 62% in 2024, while 39% saw no change at all. Staffing growth has also slowed to 7%, its lowest level in four years.

Just 11% of security leaders say their teams are adequately staffed, with the remaining 89% reporting that they are stretched thin. 

“Despite most companies identifying cyber as a top five business risk, most CISOs are not receiving budget increases commensurate with the increase in security program scope,” said Steve Martano, IANS faculty and partner at Artico Search.

Security budgets lose ground to IT spending

For the first time in five years, security budgets as a percentage of IT spending have dropped, from 11.9% to 10.9%. While overall IT spending is climbing, driven largely by investments in AI and cloud infrastructure, security allocations are no longer keeping pace.

“Security is being treated like any other business unit — its budget is largely a reflection of the macro environment and organizational goals,” explained Nick Kakolowski, senior research director at IANS.

This shift marks the end of a steady upward trend in cybersecurity investment, suggesting a move from large-scale projects to optimization of existing systems rather than significant expansion.

Implications of the slowdown

The implications of a cooling cybersecurity budget are far-reaching.

With the attack surface continuing to grow and cyberattacks becoming more complex, underfunded teams risk falling behind in their ability to defend against threats. The slowdown also compounds the ongoing talent shortage in the industry. Without adequate staffing, even the most advanced tools may fail to deliver their full potential, leaving organizations vulnerable.

Some organizations are turning to AI-powered tools to fill gaps, handling routine tasks like alert triage or basic threat detection, so human analysts can focus on higher-value work. But experts warn that AI alone won’t solve staffing shortages and often requires significant upfront investment.

As Martano put it, “The downstream effects of this are real and include reduced team morale, delayed or stalled initiatives, and a growing gap between the company’s risk appetite and operational security.”

These budget constraints are just one of many challenges cybersecurity professionals face today. Explore the other pressing concerns keeping security leaders up at night.

The post Cybersecurity Budget Growth Hits Five-Year Low as Economic Pressures Mount appeared first on eSecurity Planet.

In 2025, some of the most respected names in cybersecurity are offering powerful tools at no cost. If you’re looking for solid protection without opening your wallet, you’re in the right place. I tested and reviewed the top free antivirus products available today, focusing on real-world performance, usability, and overall value.

Here are the best free antivirus tools for 2025… and what you need to know before installing one.

• Bitdefender Antivirus Free
• Avast One Essentials
• AVG AntiVirus Free
• Malwarebytes Free
• McAfee (Free Trial)

Bitdefender Antivirus Free

Best for: Users who want reliable, hands-off protection with zero interruptions

Bitdefender’s free edition is a lightweight version of its award-winning antivirus engine. It provides strong real-time protection without requiring configuration or constant interaction.

Pros:

• Consistently high malware detection scores from independent labs
• Minimal system impact, even during scans
• Clean, distraction-free interface
• Automatic updates and protection out of the box
• Very low false-positive rate

Cons:

• No control over advanced protection settings
• No firewall or password manager in the free version

Pro tip: If you’re setting up a PC for a parent, grandparent, or non-technical user, Bitdefender Free offers hassle-free protection that runs quietly in the background with no maintenance required.

Final verdict: A top performer that consistently ranks high in independent lab tests. If you want quiet, set-it-and-forget-it protection, this is your best bet.

Avast One Essentials

Best for: Users looking for all-in-one protection with extra tools like VPN and system tune-up

Avast One Essentials is the free version of Avast’s full security suite. It includes antivirus, a basic VPN, a firewall, and system performance tools, making it one of the most feature-rich free options on the market.

Pros:

• Real-time malware, spyware, and ransomware protection
• Includes limited VPN and firewall tools
• Offers device cleanup and performance optimization
• Intuitive, modern dashboard design
• Compatible with Windows, macOS, Android, and iOS

Cons:

• VPN is limited to 5 GB per week
• Avast has previously faced scrutiny for data privacy practices

Pro tip: Use Avast’s built-in performance scan to free up memory and optimize boot times while protecting against malware. It’s a rare combo of utility and security in a free tool.

Final verdict: Avast’s free version delivers impressive value with a broad set of features. Great for users who want more than just malware protection.

AVG AntiVirus Free

Best for: Users who prefer a classic antivirus interface with strong core protection

AVG shares the same antivirus engine as Avast but offers a different interface and branding. It focuses on solid core protection without the extras, though some bonus features are still included.

Pros:

• Excellent malware and phishing protection
• Performance scan tool helps optimize system speed
• File shredder for secure file deletion
• Custom scan scheduling available
• Fewer ads and upsell attempts compared to Avast

Cons:

• Lacks VPN and firewall in the free version
• User interface hasn’t been updated recently

Pro tip: Enable custom scheduled scans during low-usage hours (like overnight) to maintain security without impacting your system’s daytime performance.

Final verdict: A dependable, no-frills antivirus that performs well where it counts. A strong pick for users who want reliable malware defense without extras.

Malwarebytes Free

Best for: Users who need to clean up infected devices or add a manual scanner to their setup

Malwarebytes Free is a powerful, on-demand malware scanner, ideal for removing infections after they occur. Unlike others on this list, it does not offer real-time protection unless upgraded to the paid version.

Pros:

• One of the best scanners for rootkits and advanced malware
• Fast scan times compared to traditional antivirus
• Excellent at detecting ransomware and zero-day threats
• Simple, streamlined interface with no clutter
• Low false positive rate for manual scans

Cons:

• No real-time protection in the free version
• Should not be used as your only antivirus

Pro tip: Keep Malwarebytes installed as a second-opinion scanner. Run a weekly manual scan to catch threats your real-time antivirus might have missed.

Final verdict: One of the best tools for post-infection cleanup. It’s not a full replacement for antivirus, but it’s an essential second layer of protection.

McAfee (Free Trial)

Best for: Users who want to test full-suite protection before committing to a paid plan

While not a permanently free product, McAfee’s 30-day trial of its full security suite allows users to test advanced features, including antivirus, VPN, identity protection, and a password manager.

Pros:

• Access to full suite, including real-time antivirus, firewall, and VPN
• Includes identity protection and a secure password manager
• Protects multiple devices during the trial
• Clean interface and centralized controls
• Excellent anti-phishing and web protection scores

Cons:

• Trial expires after 30 days
• May slow down older systems during scans

Pro tip: Use the 30-day trial during high-risk activities, such as international travel or large file transfers, then reassess your needs before the trial ends to avoid auto-renewal.

Final verdict: Not truly free, but the trial is generous and well worth considering if you want to test a full suite of tools before committing.

Methodology

To find the most trustworthy free antivirus tools, we focused on what users actually need. Each product was evaluated based on key factors including:

• Protection: Strong detection rates against malware, ransomware, and phishing
• Usability: Easy to install, simple to manage, clear alerts and settings
• Performance: Low impact on system speed during scans and daily use
• Free value: Ongoing protection without requiring payment or trial expiration
• Trust: Transparent privacy policies and a solid reputation in the industry

These criteria helped us highlight antivirus software that’s free, effective, and worth installing.

Which free antivirus software is best for you?

Free antivirus software has come a long way. The best options in 2025 deliver meaningful protection with few compromises. Whether you’re a student, remote worker, or simply looking to secure a home PC, there’s a trustworthy free tool that fits your situation.

• Top recommendation: Bitdefender Antivirus Free.
• Best feature set: Avast One Essentials.
• Essential add-on: Malwarebytes Free.

You don’t need to pay for solid protection. But you do need to choose wisely.

The post Free Antivirus Software Face-Off: Which One Protects Best? appeared first on eSecurity Planet.

At Black Hat 2025, Microsoft outlined what it takes to outsmart the world’s top-tier hackers.

From dismantling silos to building a real-time threat feedback loop, leaders from Microsoft’s threat intelligence, incident response, and hunting teams revealed how they operate as a unified front to outpace malicious actors like Star Blizzard and Mint Sandstorm. The result is a system built for speed, scale, and precision.

“We know exactly the roles and responsibilities,” said Andrew Rapp, senior director of Microsoft Incident Response. “It’s like we share a central nervous system.”

That level of coordination isn’t accidental; it’s the product of years of refinement, real-world pressure, and a deep culture of practice.

Building muscle memory before the breach

In Microsoft’s world, incident response starts long before an alert goes off. It begins with clearly defined roles, repeated exercises, and hard conversations that many organizations still avoid.

Aarti Borkar, Microsoft’s corporate vice president of Security Customer Success and Incident Response, emphasized that having a plan isn’t enough. Teams must rehearse it until the plan becomes second nature.

“Practice, practice, practice until it’s perfect,” she said. “Have someone come in and do a compromise assessment. Know what decisions you’re going to make before you’re in the middle of a crisis.”

That preparation extends far beyond technical playbooks. Effective teams, she noted, are ready to manage legal, regulatory, and executive decisions under pressure. Microsoft’s teams train for that alignment. The goal is to create what Borkar described as a “well-oiled machine,” where responders act on instinct.

However, that level of coordination remains the exception rather than the norm. Rapp pointed to a common disconnect among companies between planning and execution.

“Only 26% of organizations have an incident response plan and have actually rehearsed it,” he said. “It’s like having a gym membership and never going to the gym.”

Without practice, he added, even the best-laid plans fall apart under pressure.

What Microsoft wants every organization to know

All that preparation pays off the moment an incident begins. When Microsoft gets dropped into an active breach, there’s no time to waste. Threat actors today move faster than ever.

“Dwell time used to be measured in months or even years,” said Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy. This refers to the period between when a threat actor first gains access to a network and when they are detected or removed.

She added: “Now, we’re talking about 72 minutes [of dwell time].”

That urgency demands real-time coordination between intelligence, hunting, and response teams. Microsoft’s internal feedback loop acts like a relay. Threat intelligence analysts like Simeon Kakpovi map the broader adversary landscape, then pass rapid, actionable insights to incident responders.

“We put together a cheat sheet to hand over to these guys,” Kakpovi said. “That lets them cut down how long it takes to find adversary behaviors.”

Sophisticated attackers do their homework. They know who has access, how a network is structured, and what assets matter most. Often, by the time defenders realize what’s happening, the intruder already has the keys to the kingdom. That’s why Microsoft’s teams are trained to think like the enemy.

“Threat actors think in graphs,” DeGrippo said. “Defenders think in lists. You have to think like an attacker to beat one.”

This mindset, combined with relentless preparation and the ability to move at machine speed, is what allows Microsoft to stop threats before they spiral. It’s not just about response. It’s about anticipation, precision, and making sure the adversary never gets a second move.

For more Black Hat coverage, read this chilling warning from a former New York Times cyber reporter.

The post Inside Microsoft’s Real-Time War Against Cybersecurity Threats appeared first on eSecurity Planet.

We asked a simple question to cybersecurity pros at Black Hat 25: What keeps you up at night?

Their answers cut through the noise, surfacing urgent concerns about evolving threats, weak organizational readiness, and an uncertain future. But one theme rose above the rest: AI is accelerating everything. Infrastructure grows faster, attacks land quicker, and defenders are racing to keep up.

The consensus? Defenses are lagging, while the risks continue to intensify.

When the machines move faster than we do

AI is rapidly transforming cybersecurity, empowering defenders and supercharging attackers alike. According to IBM’s 2025 Cost of a Data Breach Report, 13% of organizations reported security incidents involving AI models or applications; of those, 97% lacked proper access controls at the time of the breach.

Tools like generative AI are fueling faster, more convincing phishing and social engineering campaigns. Meanwhile, defenders scramble to update training, policies, and incident response playbooks to match the speed of change.

Ken Phelan, chief technology officer of Gotham Technology Group in New York City, sees this acceleration as a fundamental infrastructure problem.

“We’re creating assets faster than we can manage them,” Phelan told TechRepublic. “The infrastructure world is moving faster than compliance. We’re in a world of containers and automation, and security is lagging behind.”

He described it as a “velocity problem” — one where organizations are forced to move quickly but lack the visibility and control to do so safely.

That challenge is front and center for Rana Khurram, head of InfoSec GRC at C&R Software in Ontario, Canada.

“Organizations don’t have proper guidance or controls in place,” Khurram told TechRepublic. “Deepfakes could be used to impersonate our COO and trick the accounting team into releasing funds.”

The speed of AI innovation is stretching security management to its limits.

“From the managing perspective,” he added, “we’re just trying to keep up with it all.”

Facing the unknown: ‘Don’t panic, but prepare’

For some cybersecurity professionals, the greatest concern is the sheer unpredictability of what AI will bring next. That uncertainty weighs heavily on Jared Currie, IT security manager at Claro Enterprise Solutions in Miramar, Florida.

“Right now, it’s the unpredictability of what the impact will be,” Currie told TechRepublic. “We all have ideas about how we think it will impact things, but we’re thinking in limited terms. I think this will introduce new ways and avenues of data flow and interaction.”

Currie said deepfakes are both a workplace threat and a broader concern with political and societal implications. And while ransomware remains a pressing issue, he said it’s AI’s unknown ripple effects — from hiring needs to defense priorities — that make it harder to plan.

His advice: don’t panic, but prepare.

“There’s no point in worrying about the unknown. Do what you’re doing — keep your defense in depth, focus on what you can control. And as new technologies emerge, be ready to adapt.”

In the end, it’s still people making the mistakes

For all the conversation around AI, deepfakes, and automation, one person reminded us that the oldest vulnerability in cybersecurity is still the most persistent: people.

Joseph Resendes, a cybersecurity intelligence student in his final semester at Embry-Riddle Aeronautical University, pointed to user behavior as a lingering and underestimated threat.

“It’s the people,” Resendes said. “A lot of folks in the industry don’t really know the kinds of attacks hackers use. Phishing emails still get through because they appear to be coming from a boss or executive. Someone clicks to try to be helpful — and just like that, they’ve launched a remote access trojan.”

While technical controls are in place to reduce the damage, Resendes believes the real problem is a failure to learn from past mistakes.

“We have mechanisms in place to stop employees from making mistakes, but users don’t always learn from them,” he said. “Hackers love to prey on that lack of knowledge.”

Resendes’s comments echo a common truth across cybersecurity: no matter how advanced the tools become, human error remains one of the most exploitable gaps.

The post Black Hat 2025: What Keeps Cyber Experts Up at Night? appeared first on eSecurity Planet.

Speaking Thursday at Black Hat USA 2025, Nicole Perlroth, former New York Times reporter and founding partner of Silver Buckshot Ventures, warned that digital threats have outpaced traditional defenses. Malware has gone quiet and autonomous. Ransomware operates like a subscription service. Artificial intelligence has begun to distort reality itself.

She explained that cyber threats have moved beyond networks, now targeting public discourse, critical systems, and democracy itself.

“But now the threats are being automated by AI and deployed at scale,” Perlroth explained. “The question is not whether we can stop them. It’s if we even have the courage to try.”

Perlroth urged the security community to define red lines, protect what matters most, and understand that courage will shape the future.

When the headlines fade, the threats remain

Perlroth spoke from experience. As a cybersecurity reporter for The New York Times, she spent a decade covering the escalation of digital conflict. These stories often made front pages, then quietly disappeared. But the incidents, she argued, were not anomalies. They were warnings.

Soon after she joined the Times, the newsroom was hacked. Journalists were expected to defend themselves from nation-state attackers. From that point on, the threats kept mounting: malware hidden in takeout menus, wiper attacks on Iran and Saudi Arabia, the Sony breach that attempted to silence a media company, and the DNC hack that shaped public discourse.

“What it really was,” Perlroth said, “was an assault on the First Amendment.”

Over time, the scope of attacks widened. Ransomware crippled hospitals. Spyware intimidated reporters. Cybercriminals leaked sensitive corporate data to apply pressure. The attacks grew bolder, the stakes higher, and the human toll more visible.

“I had a front-row seat to the human cost,” she noted. “And every time it got worse.”

Yet, the industry repeatedly moved on. These were not edge cases, Perlroth warned — they were stress tests. And adversaries were paying attention.

A new kind of cyber war, powered by AI

Perlroth’s warning extended beyond historical failures — it focused on the future.

Artificial intelligence is rapidly changing the rules of engagement. Hackers are already using AI to identify business-critical assets, craft convincing phishing lures, and automate psychological manipulation. Some groups, she said, are training chatbots to apply maximum pressure during ransomware negotiations.

Meanwhile, defenders are falling behind. Agentic workflows are being targeted. AI models like Claude are already winning hacking competitions. Still, Perlroth insisted, the outcome is not inevitable.

“We can still steer AI,” she said. “But the window is narrow, and it’s closing fast.”

Despite the stakes, she expressed cautious optimism. New technologies are emerging that can detect deepfakes in real time, scan third-party risk at scale, and democratize security for under-resourced businesses. More importantly, she said, this field is driven by people who step up to defend, not destroy.

“The only way out is through,” Perlroth concluded. “And the only way through is with courage.”

The post Former New York Times Cyber Reporter Issues Chilling Warning at Black Hat appeared first on eSecurity Planet.

The “Scam Call Protection” tool is now available in the US through the NordVPN mobile app, marking a significant expansion of the company’s efforts to protect digital privacy. The feature is designed to alert users to potentially fraudulent calls before they answer, helping them avoid common scam traps — from impersonation to investment fraud. 

How scam call protection works

According to NordVPN, Scam Call Protection works by analyzing incoming call metadata, not the content of the calls themselves. It then checks the number against a real-time threat database and issues a warning if the number appears suspicious.

There is no need to install a separate app. The feature is integrated within the NordVPN Android app and is part of the Threat Protection Pro suite, which is available to users with a Premium plan. Importantly, the feature works whether or not users are actively connected to a VPN server.

To activate the feature, users open the NordVPN app, navigate to the “Threat Protection” section, enable the Scam Call Protection toggle, and follow prompts to adjust Android settings. Once enabled, the app automatically flags suspicious numbers as “Potential scam” during incoming calls.

“Our mission has always been to protect people’s digital lives,” said Mykolas Dumcius, chief product officer at NordVPN, in a blog post. “Scam Call Protection extends that promise by offering users a way to defend themselves from phone-based scams — without compromising privacy.”

Scam calls are more than just a nuisance. Many lead to phishing attacks, identity theft, and financial fraud, often targeting vulnerable individuals. NordVPN’s move comes at a time when scams are hitting record highs, with the FBI’s Internet Crime Complaint Center (IC3) reporting a 33% increase in losses from scams in 2024, totaling $16.6 billion.

Available now, but only for US Android users

Currently, Scam Call Protection is only available to US-based Android users with a NordVPN Premium subscription. However, the company has hinted that expansion to iOS and other regions is on the roadmap. 

The company plans several future updates to enhance the Scam Call Protection feature. These include:

• Caller ID identification: Helping users distinguish legitimate numbers from strangers.
• Category labeling: Tagging calls by sector (e.g., finance, healthcare, services).
• User reporting: Allowing subscribers to flag scam numbers and contribute to a growing scam database.

With scam calls on the rise and traditional filters struggling to keep up, NordVPN’s move to protect mobile users from fraudulent calls appears both timely and necessary. While it’s unlikely to eliminate all scam calls, the early warning system could be the extra shield people need, especially when tired, distracted, or caught off guard.

The post NordVPN Rolls Out Scam Call Protection for Android Users in the US appeared first on eSecurity Planet.

Cybercriminals target small businesses precisely because they expect you to cut corners on security… and they’re usually right. If your team is still sharing passwords over email or storing them in a spreadsheet, you’re leaving the front door wide open.

A good password manager changes that. It secures your logins, simplifies sharing, and gives you control over who has access to what — without slowing your team down.

Here are six password managers worth your time (and budget):

• 1Password
• Norton Password Manager
• Bitdefender Password Manager
• Keeper Business
• LastPass Business
• Dashlane Business

1Password

Best for: Small teams that want powerful security with room to scale

Visit 1Password

1Password is the gold standard for small business password management. With its intuitive interface, shared vaults, and admin controls, it’s built for security-conscious teams that need room to grow. It’s particularly useful for teams with remote or hybrid workflows, thanks to seamless device syncing and zero-knowledge encryption.

Pros

• Clean interface and simple onboarding
• Granular access controls and audit logging
• Works across all major devices and browsers

Cons

• No free plan
• Slightly more advanced than some teams may need

Pricing: $19.95 per month for 10 users (Teams Starter Pack)

Pro tip: Use guest accounts to securely share logins with clients or contractors, without giving full access.

Final verdict: 1Password is the best all-around password manager for small businesses that care about security, usability, and future-proofing.

Norton Password Manager (via Norton Small Business)

Best for: Norton customers who want basic password protection included

Visit Norton

Norton’s password manager is included in its business security bundles, making it a practical option if you’re already in the Norton ecosystem. While it lacks advanced features, it serves as a reliable first step toward improving credential hygiene for small teams.

Pros

• Comes bundled with Norton 360
• Clean, intuitive interface
• Decent password generator and auto-fill

Cons

• Limited team sharing or admin tools
• Only available with Norton products

Pricing: Included with Norton Small Business (starts at $99.99 per year for five employees)

Pro tip: Already using Norton antivirus? You may already have access to this. Turn it on and start securing credentials today.

Final verdict: A smart choice for small businesses already using Norton, especially for those who need basic password security without an added monthly fee.

Bitdefender Password Manager

Best for: Small businesses using Bitdefender GravityZone or Total Security

Visit Bitdefender

Bitdefender’s standalone password manager is lightweight, secure, and great for businesses already relying on Bitdefender’s security suite. It’s an ideal add-on for businesses that want password protection without adding another vendor or dashboard to manage.

Pros

• User-friendly interface
• Works across devices and browsers
• Excellent encryption and vault protection

Cons

• Limited team features unless bundled with enterprise tools
• Best as an add-on, not standalone

Pricing: $1.49 per month for individuals; business features available in GravityZone plans

Pro tip: Pair with Bitdefender GravityZone to combine device protection and password security under one plan.

Final verdict: A simple, effective option for Bitdefender customers who want streamlined password protection with minimal setup.

Keeper Business

Best for: Businesses in regulated industries with strict compliance needs

Visit Keeper

Keeper stands out for its enterprise-grade encryption, compliance support, and secure messaging — all packaged for small teams. With support for HIPAA, SOC 2, and other standards, it’s built for businesses that can’t afford a single security slip.

Pros

• User-friendly UI and fast onboarding
• Dark web monitoring and breach alerts
• Helpful reports for admins

Cons

• Pricier than others for small teams
• Limited offline access

Pricing: The Business Starter plan starts at $10 per user, per month (minimum of five users).

Pro tip: Use KeeperChat for internal messages that need to stay private — it’s encrypted end-to-end.

Final verdict: A top-tier pick for businesses that handle sensitive or regulated data. Trusted by finance, healthcare, and legal teams alike.

LastPass Business

Best for: Small teams that need shared vaults and centralized access control

Visit LastPass

LastPass is one of the most widely known names in the space, and its business product delivers all the essentials: shared vaults, admin controls, and seamless user management. It’s particularly effective for businesses that want simple, scalable access policies across multiple departments or teams.

Pros

• Secure password sharing
• Admin dashboard and policy controls
• Ideal for hybrid and remote teams

Cons

• Breach history may concern some users
• Slightly higher price per seat

Pricing: Starts at $4 per user, per month (minimum five users)

Pro tip: Use policy templates to auto-assign security rules by department or role.

Final verdict: A strong all-around solution for growing teams, especially if you value flexible sharing and centralized management.

Dashlane Business

Best for: Non-technical teams that want strong security and easy onboarding

Visit Dashlane

Dashlane makes business-grade password security easy, with tools your whole team can actually use. This includes dark web alerts and password health scores. Its user-friendly design is ideal for small businesses with limited IT resources or varying digital literacy levels.

Pros

• User-friendly UI and fast onboarding
• Dark web monitoring and breach alerts
• Helpful reports for admins

Cons

• Pricier than others for small teams
• Limited offline access

Pricing: Starts at $8 per user, per month

Pro tip: Enable Smart Spaces to help employees manage work and personal passwords separately, within the same account.

Final verdict: Ideal for small businesses with non-technical teams that still need strong security and visibility.

How we chose these tools

We selected password managers that meet the unique needs of small businesses. Each tool on this list was chosen based on:

• Strong security, including encrypted vaults and zero-knowledge architecture
• Team-friendly features, like shared vaults and admin-level access controls
• Ease of use, with intuitive setup and minimal IT requirements
• Scalability, so businesses can grow without switching platforms
• Cross-device compatibility, including desktop, mobile, and browser support

Only tools that checked all these boxes made the final list.

Which password manager is right for your business?

You don’t need enterprise tools to protect your business — you need the right tools.

If you want the best all-around solution, go with 1Password. If you’re already using Norton or Bitdefender, activating their password managers is a smart next step. And if your business needs easy onboarding or regulatory protection, Dashlane or Keeper are excellent choices.

Start protecting your passwords — and your business — today.

The post The 6 Best Password Managers for Small Businesses (Tested and Trusted) appeared first on eSecurity Planet.

Recent attacks targeting Microsoft SharePoint have escalated, with threat actors now deploying ransomware on vulnerable systems, according to Microsoft. This surge in malicious activity follows the release of multiple SharePoint security patches in July.  

An update published to Microsoft’s blog reads, in part: “Expanded analysis and threat intelligence from our continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware.”

Detailing the attack

At least three threat groups believed to be affiliated with China have been exploiting publicly known vulnerabilities in Microsoft SharePoint, according to Microsoft. These include the Linen Typhoon, Violet Typhoon, and Storm-2603.

The attackers exploited multiple weaknesses in on-premises SharePoint servers — including remote code execution (RCE), credential spoofing, and improper authentication — to gain unauthorized access. Once inside, they were able to infiltrate internal file systems and extra sensitive data that could be used for surveillance, impersonation, or extortion.   

Microsoft issued patches to address the affected vulnerabilities — CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771 — in two separate rounds of security patches in early and mid-July. Despite these efforts, the company warned that ransomware is now being deployed on unpatched systems, including by Storm-2603.   

Who is Storm-2603?

While Linen Typhoon and Violet Typhoon are already known to be China-based, Microsoft said it has “medium confidence” that Storm-2603 originates from China.

Regardless of where they’re located, Storm-2603 is known for their ransomware attacks. They have used LockBit and Warlock ransomware in the past, with the latter also being used for their most recent attacks against SharePoint.

What is Warlock ransomware?

According to Watchguard’s ransomware tracker, Warlock is classified as crypto-ransomware and was first detected in June 2025. As of this writing, there are nearly 20 known victims across the US, Canada, Germany, China, and several other countries.  

Microsoft Threat Intelligence identified several indicators of compromise (IOCs) that SharePoint administrators should monitor. These include a known IP address of 65.38.121.198, a file named IIS_Server_dll.dll that serves as a backdoor, and a series of web shells that are used by Storm-2603 to execute remote commands on the server.

How to protect your system from Storm-2603 and Warlock

Given the stealthy nature of Storm-2603 and their ransomware attacks, Microsoft recommends installing the latest security patches, using strong passwords, testing security configurations on a regular basis, and continuously monitoring your SharePoint server for any of the known IOC. 

The company also recommends the use of tools within Microsoft Defender, such as Vulnerability Management, External Attack Surface Management (EASM), and an active subscription to Microsoft Defender XDR subscription.

SharePoint continues its battle against hackers

With multiple vulnerabilities disclosed, rapid patch rollouts, and now active ransomware deployments, July has been a critical month for SharePoint users and defenders. While Microsoft continues to issue security fixes, the emergence of new attack vectors suggests that determined adversaries will likely keep probing for weaknesses.  

AI isn’t just a buzzword — it’s a weapon in the wrong hands. Learn how attackers are using it and how defenders can stay ahead.

The post Microsoft SharePoint Hackers Switch Gears to Spread Ransomware appeared first on eSecurity Planet.

Four major U.S. agencies have issued a joint cybersecurity alert warning about the escalating threat posed by the Interlock ransomware operation, which has increasingly targeted businesses, healthcare providers, and critical infrastructure entities across North America and Europe. The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released the alert Tuesday as part of the #StopRansomware initiative. The agencies emphasized Interlock’s rapid evolution and its focus on high-impact sectors, particularly healthcare.   

According to the advisory, Interlock emerged in September 2024 and has since launched financially motivated ransomware campaigns. The group employs a double-extortion model that involves both encrypting the victim’s system and stealing data, threatening to publish the stolen files if a ransom is not paid. 

The gang does not include ransom demands in its initial notes. Instead, victims are given a unique code and directed to a .onion URL on the Tor network, where ransom negotiations take place. 

Federal investigators say Interlock actors are opportunistic rather than targeting specific industries. Still, healthcare organizations have been frequent victims. Among the most high-profile victims are Kettering Health, a major Ohio-based healthcare system, and Fortune 500 kidney care company DaVita. 

How Interlock gains entry

The FBI described Interlock’s initial tactics as “uncommon” among ransomware groups, citing drive-by downloads from compromised but otherwise legitimate websites. In these cases, the attackers disguise malicious payloads as fake updates for Google Chrome or Microsoft Edge.

Interlock also uses social engineering methods. One such tactic involves “ClickFix,” which deceives users into executing malicious code under the pretense of fixing a system error. A variation called “FileFix” uses native Windows elements to deploy malware, including remote access trojans (RATs), while evading security detection. 

Once inside a system, Interlock deploys tools like Interlock RAT and NodeSnake RAT to maintain control, communicate with command-and-control (C2) servers, and execute further attacks. They also use PowerShell scripts to download credential-stealing malware, such as cht.exe and klg.dll, which capture usernames, passwords, and keystrokes. These credentials are then used for lateral movement across networks and can aid in escalating privileges through techniques such as Kerberoasting.

To extract data from cloud environments, the group exploits legitimate tools including Azure Storage Explorer and AzCopy. On Linux systems, Interlock has been observed deploying a rare ELF encryptor based FreeBSD, diverging from the more commonly seen VMware ESXi-focused ransomware payloads.

Protecting against Interlock attacks

To reduce the risk and impact of an Interlock ransomware attack, the federal advisory urges organizations to take the following steps:

• Implement DNS filtering to block access to malicious websites
• Use web application firewalls to filter harmful traffic
• Keep systems and software updated and patched
• Enforce multifactor authentication (MFA) for all accounts
• Segment networks to contain threats and prevent lateral movement
• Train employees to identify phishing and social engineering
• Maintain secure, offline, and immutable backups of critical data

For a full list of mitigations and to access free cybersecurity resources, organizations are advised to visit stopransomware.gov. If your organization has been affected by ransomware or suspects malicious activity, contact your local FBI field office or report to CISA via the agency’s Incident Reporting System.

Curious how a customer support portal became ground zero for a global data leak? Explore our full report on Dell’s breach and what World_Leaks is claiming.

The post Interlock Ransomware Targets Healthcare in Stealth Attacks, Say U.S. Cyber Agencies appeared first on eSecurity Planet.

Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated remote attacker to issue commands with root privileges, Cisco said in an advisory on July 17. 

Cisco released multiple patches for the issues, including an expanded fix for specific software versions.

The vulnerabilities were reported by Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae, working with Trend Micro Zero Day Initiative. 

The vulnerabilities allow for arbitrary code execution

Cisco’s patches address three vulnerabilities: CVE-2025-20281, CVE-2025-20337, and CVE-2025-20282. All are arbitrary code execution vulnerabilities, but they are not related to each other and do not need to be exploited together to be effective. 

CVE-2025-20281 and CVE-2025-20337 open up Cisco ISE and Cisco ISE-PIC to remote code execution. An attacker could submit a crafted API request that took advantage of the insufficient validation of user-supplied input. This could grant root-level privileges.

CVE-2025-20282 affects Cisco ISE and ISE-PIC Release 3.4. With it, an attacker could have uploaded a crafted file to the device. Due to a lack of file validation, the file could be placed in privileged directories, allowing the attacker to execute arbitrary code or gain root access. 

Cisco said it is not aware of any active exploitation of these vulnerabilities. 

How to patch the vulnerabilities  

Your Cisco ISE is patched against these vulnerabilities if it is running the following versions:

• Release 3.4 Patch 2
• Release 3.3 Patch 6 (with Release 3.3 Patch 7)

Cisco released hot patches prior to these, but they have been superseded by the versions listed above. The company has also provided guides on how to apply updates.

Other news from Cisco 

In related cybersecurity news, about a month ago Talos, Cisco’s security intelligence division, discovered a threat actor group using the promise of generative AI as a bait to distribute malware. The attackers used a spoofed version of a real business’ website to distribute the ransomware strain called CyberLock, which locked specific documents on the victims’ computer. The fake site promised a downloadable version of ChatGPT.  

Separately, in a broader push for cybersecurity education, Cisco in March launched a digital skills training initiative across the European Union. The free courses, offered through Cisco’s Networking Academy, aim to equip more individuals with essential skills in networking and cybersecurity.  

The post Cisco Patches Three Critical Vulnerabilities – Here are the Products Affected appeared first on eSecurity Planet.