Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From October 14–16, thousands of construction professionals will gather in Houston, Texas, for Procore Groundbreak 2025—one of the industry’s premier events for innovation and collaboration. Egnyte is proud to return as an exhibitor to showcase how our AI-powered platform integrates seamlessly with Procore to deliver smarter, more secure ways to manage project and business data.

On September 25, 2025, the npm package postmark-mcp, an MCP (Model Context Protocol) server intended to let AI assistants send emails via Postmark, was reportedly modified to secretly exfiltrate email contents by adding a blind-copy (BCC) to an external domain. Current analysis suggests the behavior began around 1.0.16 and persisted in later versions.

It only takes one mistake for an attacker to gain a foothold. One click on a phishing email, one missed patch, or one default password left in place is often all it takes. The problem is not just the initial mistake, but how far it spreads across your systems. This is why cyber risk is now considered the number one threat to business survival. The numbers tell the story. 60% of SMBs close within six months of a breach.

The modern automation stack makes it almost trivial to connect enterprise tools: By combining these, you can create an “AI agent” that reads a message in Slack, uses an LLM to classify or summarize it, and then creates a new ticket in YouTrack—all in minutes.

Public sector organizations face unprecedented cybersecurity challenges as artificial intelligence reshapes how adversaries launch attacks. Threat actors now use AI to execute large-scale, highly personalized phishing campaigns, automate the discovery of vulnerabilities, and evade detection faster than traditional defenses can respond.

The French luxury conglomerate, Kering, recently confirmed a data breach affecting millions of customers. As a Paris-based luxury group, it has a portfolio of houses in fashion and jewelry. Some of its stable brands include Alexander McQueen, Balenciaga, and Gucci. The cybercriminal group, ShinyHunters, claimed responsibility for the attack. Unlike traditional ransomware groups, which would encrypt the data, they usually monetize by extortion to sell the information on secret forums.

Attackers are abusing AI-powered development platforms like Lovable, Netlify and Vercel to create and host captcha challenge websites as part of phishing campaigns, according to researchers at Trend Micro. “Since January, Trend Micro has observed a rise in fake captcha pages hosted on such platforms,” the researchers write.

Researchers at Varonis warn of a new phishing automation platform called “SpamGPT” that “combines the power of generative AI with a full suite of email campaign tools.” While previous phishing kits have automated parts of the attack chain, SpamGPT’s sophistication sets it apart from the rest “SpamGPT’s interface and features imitate a professional email marketing service, but for illegal purposes,” Varonis writes.

Phishing is not new. But SpamGPT has changed the game by showing how AI can industrialize deception at scale. SpamGPT has quickly become the poster child for how attackers are using AI to industrialize old tricks. At its core, SpamGPT isn’t introducing a new kind of attack; it’s simply making phishing faster, cheaper, and more convincing. Phishing has always been about deception. But with AI generating endless, polished, and context-aware lures, the balance of power shifts.

Over the past decade, data has evolved from being an operational byproduct to becoming one of the most valuable assets of any business. The explosion of IoT devices, cloud applications, and AI-driven systems has generated unprecedented volumes of personal and non-personal data. Alongside this growth, regulations in the EU have progressed in step.