Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol. “Social engineering, which exploits human error to gain access to systems or personal information, stands out as a prominent technique used by criminal actors in this context,” Europol says.

The physical conflict involving Iran that has played out in the Middle East over the last several days is expected to increasingly spill over into the cyber realm. According to the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA), and other cybersecurity experts, organizations in the US should begin preparing for increased cyber attacks from pro-Irianian hacktivists and Iranian government-affiliated actors in the coming days and weeks.

Organizations often assume that restoring a backup to a patched environment eliminates threats. However, backups encapsulate both data and schema objects, including triggers. A compromised backup, often taken after an initial breach, may contain hidden triggers that reactivate the attacker’s access upon restore. This post explores how malicious triggers in compromised backups can serve as persistence mechanisms for attackers and how to mitigate this threat.

Most security tools generate alerts and leave the rest to you. Organizations are already drowning in noise, short on time, and stretched thin on security staff. WatchGuard Total MDR replaces noise with action by delivering the response your team doesn’t have time for. This fully managed, 24/7 MDR service continuously monitors detections across your environment across endpoint, network, identity, and cloud to take real action when threats strike.

When it comes to cybercrime, there are few threat actor tactics as useful and widespread as credential theft, and the subsequent use of stolen credentials, to maliciously gain access to an IT environment. As hybrid work models and the widespread use of web-based applications further the digitalization of corporate environments, user credentials have proliferated. In turn, credential theft has risen as a low-tech way for threat actors to gain easy access to target environments.

In mid-May 2025, Cloudflare blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps). This comes shortly after the publication of our DDoS threat report for 2025 Q1 on April 27, 2025, where we highlighted attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). The 7.3 Tbps attack is 12% larger than our previous record and 1 Tbps greater than a recent attack reported by cyber security reporter Brian Krebs at KrebsOnSecurity.

In Q2 2025, Scattered Spider has been noted as a prolific threat actor targeting several sectors across multiple countries. As of June 2025, the group appears to have moved towards targeting the insurance sector. This is not novel victimology within the landscape, with attacks consistently targeting the sector, particularly in the extortion sphere. This blog explores the attacks Scattered Spider has conducted in 2025, as well as similar attacks around the insurance sector in the year.

Most organizations assume a clear boundary between external users, who submit support tickets or service requests, and internal users, who handle them using privileged access. However, when an internal user triggers an AI action from a model context protocol (MCP) tool, such as summarizing a ticket, that boundary can break.

Technology plays a vital role in supplier networks and digital ecosystems today. While supply chains used to be primarily physical, digitalization has improved efficiency but also introduced new cybersecurity risks that are often overlooked. As software and digital service providers are often integrated into organizations’ environments, they have become prime targets for cybercriminals looking to scale their attacks.