
AI Use Cases for the SOC: How Generative AI Transforms Security Operations

Today’s security operations centers (SOCs) are under more pressure than ever. The number of alerts is growing. Threats are more complex. And security teams are expected to detect, investigate, and respond to incidents faster, all while grappling with talent shortages and limited resources. Generative AI is emerging as a critical enabler in this environment.

Inside Today's Cyber Attacks: What We Can Learn from Ransomware Groups Like Scattered Spider

Cyber attackers like Scattered Spider are bypassing firewalls—using stolen credentials and social engineering to walk right in! Learn how these new threats exploit trust, target your help desk, and turn your processes against you. Discover why identity is now the new perimeter and what IT leaders must do to protect their organisations.

Codify to Fortify: The Strategic Advantage of Detection as Code

As a security executive, how do you know if your organization can detect a certain attack? A talented, experienced team armed with advanced tooling can certainly generate confidence — but even then, detections can slip through the cracks if not properly codified.

Introducing Splunk 10: Empowering a Secure and Compliant Future

Splunk is pleased to announce the general availability of Splunk Enterprise 10.0 and Splunk Cloud Platform 10.0, the most secure, stable, and modernized platform for a digitally resilient, compliance-ready future. The Splunk 10 platform is the next evolution of data security. With the latest cryptographic models and more performant data pipeline management, Splunk 10 delivers continued momentum in search & indexing, dashboard visualization, and ease of compliance administration.

Cisco Network Visibility Module Analytics (NVM)

Cisco Network Visibility Module Analytics (NVM): A new analytic story leveraging Cisco NVM telemetry to detect suspicious endpoint network behavior. This release includes 14 new analytics and mapped existing detections covering threats such as insecure curl usage, typosquatted Python packages, abuse of native Windows tools like rundll32 and mshta, and anomalous network connections from uncommon or argument-less processes.

Beyond the Patch: SharePoint Exploits and the Hidden Threat of IIS Module Persistence

The cybersecurity landscape witnessed a perfect storm in July 2025 when multiple critical SharePoint vulnerabilities collided with sophisticated IIS module-based persistence techniques, creating a nightmare scenario for enterprise defenders. CVE-2025-53770, CVE-2025-53771, CVE-2025-49704, and CVE-2025-49706 are being actively exploited by sophisticated threat actors, but the real danger extends far beyond the initial exploitation phase.

CitrixBleed 2: When Memory Leaks Become Session Hijacks

The cybersecurity community is facing yet another critical infrastructure vulnerability that threatens enterprise networks worldwide. CVE-2025-5777, dubbed "CitrixBleed 2" by security researcher Kevin Beaumont, represents a dangerous out-of-bounds memory read vulnerability in Citrix NetScaler ADC and Gateway devices. This new flaw bears an unsettling resemblance to the original CitrixBleed (CVE-2023-4966), which was widely exploited by ransomware groups and nation-state actors in 2023.

Beyond The Click: Unveiling Fake CAPTCHA Campaigns

Social engineering attacks continue to be among the most effective methods for delivering malware and compromising systems. Among these, a concerning trend has emerged and rapidly gained traction: "ClickFix" and "FakeCAPTCHA" campaigns. These sophisticated attacks exploit users' familiarity with everyday verification systems while leveraging clipboard manipulation techniques to deliver malicious payloads—all without exploiting a single technical vulnerability.

Unified Threat Management (UTM): The Complete Guide to Modern Cybersecurity Solutions

Cyber threats today are anything but simple. With attackers using every trick in the book — and inventing new ones all the time — businesses need more than a one-size-fits-all approach to cybersecurity. You require diverse cybersecurity solutions to face a variety of threat vectors. These threats are diverse, evolving, and target multiple layers of your IT environment.

Understanding Attack Surfaces: What They Are and Why They Matter

In today’s digital environments, where cloud infrastructure, remote work, and third-party tools are the norm, the number of ways attackers can reach your systems is effectively infinite. These potential entry points make up your attack surface. Understanding it is the first step toward defending it. As companies adopt more cloud services, mobile endpoints, and third-party apps, attack surfaces continue to grow — making visibility and management more critical than ever.

XWorm's Shape-Shifting Arsenal: Loader and Stager Variants in the Wild

XWorm, a popular and actively distributed remote access trojan (RAT), has steadily evolved into a versatile tool in the cybercriminal toolkit. Known for its robust feature set, ranging from keylogging and remote desktop access to data exfiltration and command execution, XWorm continues to attract threat actors due to its ease of use, modularity, and frequent updates by its developers.

When Installers Turn Evil: The Pascal Script Behind Inno Setup Malware Campaign

Software installer packages are a cornerstone of user-friendly software distribution. Tools like Inno Setup, NSIS (Nullsoft Scriptable Install System), and InstallShield help developers bundle their applications into a single, streamlined installer that users can run with just a few clicks. These installers often include everything needed to set up a program: files, configurations, and even system dependencies, making software installation seamless and accessible.

Threat Hunting with TLS/SSL Certificates

In this article, we’ll analyze how threat actors exploit TLS to hide their operations and how defenders can use exposed certificate metadata to detect them. (This article is part of our Threat Hunting with Splunk series. We’ve updated it recently to maximize your value.)

Machine Learning in Splunk Enterprise Security: Unleashing Hidden Detection Power

Many Splunk Enterprise Security users are benefiting from machine learning (ML) without even realizing it. Splunk Enterprise Security quietly uses ML-driven anomaly detection to spot unusual patterns or outliers in your security data that static rules or thresholds might miss.