Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We're excited to announce our new partnership with Friends Against Scams, a National Trading Standards initiative working to protect people from scams across the UK. Together, we've created a cybercrime factsheet to help individuals understand the threats they face online, who is most at risk, and where to turn for support.

Alert fatigue is quietly draining security teams, slowing response times, and increasing business risk. As cyber threats rise and alerts multiply, organisations need smarter prioritisation and actionable intelligence, not more noise.

Last week, OpenAI released Privacy Filter, an open-weight model for detecting and redacting PII in text. It is a thoughtful release: Apache 2.0 licensed, able to run locally, designed for high-throughput workflows, and built to go beyond regex-based detection. This is good news for everyone building enterprise AI. Privacy at the model layer is getting real attention. What we liked most was how clearly OpenAI described the role of the model.

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.

Cyber risk used to be the kind of problem you could delegate. Something for the CISO, the IT team, and maybe an external auditor to worry about once a year. That comfort zone is gone. In the last decade, a new reality has set in: a single cyber incident can erase hundreds of millions of dollars in market value in a matter of days, derail strategic plans, and permanently rewrite how investors see a company.

For years, the defensive side held the asymmetric advantage over threat actors. Writing exploits requires a deep understanding of how memory corruption works, how authentication tokens can be forged, etc. That knowledge gap is what made it hard to exploit a vulnerability. LLM proliferation lowered that floor and quickly removed that advantage. Even script kiddies can now carry out cyberattacks like APTs without understanding POC.

You can easily split the room in half if you mention autonomous pentesting in a room full of security professionals. One-half will argue it’s the most important shift in offensive security to date, capable of solving the challenge of monitoring attack surface expansion faster than any manual pentester can prove it secure. The other half will push back hard.

On April 28, 2025, a massive power outage affected large areas of the Iberian Peninsula and parts of southern France. Traffic lights, elevators, point-of-sale systems, and many mobile phone and internet networks suddenly stopped functioning. Subways and parts of the rail network ground to a halt. Industrial production and numerous service businesses were interrupted for several hours to a full day.

Understand where short-lived credentials reduce risk in agentic systems and where operational complexity requires stronger monitoring and governance controls.