Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Phishing threats remain one of the most common and effective attack methods. Research shows it contributes to over 34% of confirmed breaches. The financial impact is significant as well, with credential-related breaches averaging $4.76 million per incident. And despite years of security awareness training, nearly a third of employees still click on simulated phishing emails. Why does phishing work so well? Attackers exploit gaps in visibility, speed, and user behavior.

Imagine security data and analytics like a carnival’s hall of mirrors. From convex mirrors that show you a shorter, squatter version of something to the concave mirrors that show a highly magnified image, you see the same object in multiple ways. Every view gives you a different insight and provides a unique vantage point. Online Analytical Processing (OLAP) systems are different mirrors that allow security teams to create focused analytics models for different insights about your security posture.

Nearly everyone has had “that cold,” the one where most symptoms have resolved except that lingering cough. The cough can continue for weeks or months, all while you feel mostly well across the board. In cybersecurity, an advanced persistent threat (APT) is your IT environment’s lingering cough, albeit a much more damaging one. An APT stealthily gains initial access to your company’s systems and networks, then hides within them to complete objectives.

CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting Microsoft SharePoint, a widely deployed enterprise collaboration and content management platform. In this blog, we will simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside Graylog.

Driving along on a dark highway late at night, you feel a jolt and hear a metallic crushing sound as your car hits an unknown object in the road. You nervously continue on your journey, until you see a bright light flashing on your dashboard. Your oil pressure is low because your car has been leaking oil since you hit that unknown object on the highway. Much like an unknown object in the road that leads to a slow leak, a network vulnerability can lead to a devastating data leakage or breach.

If your security priorities still center on CVSS scores and device vulnerabilities, you’re missing a significant piece of the risk puzzle. People. Attackers aren’t following your org chart. They’re targeting whoever gives them access. Enter the concept of Very Attacked People (VAPs): individuals in your environment who attract the most persistent, targeted attacks. And they’re not always the CEO or the CISO.

In many sports, but especially soccer, a team has a set of offensive players and defensive players. The offensive players look for ways to compromise the opposing team’s defenses, seeking to get the ball in the goal. Meanwhile, the defenders work hard to push back against the opponent’s offensive line to clear the ball from the goal line. On a security team, your defenders are the blue team.

Data lakes have evolved. Once treated as passive storage archives, they’re now becoming active components of enterprise risk management. The driver? Selective retrieval — the ability to park large data volumes in cold storage and later retrieve targeted slices for forensic or compliance needs. This shift matters. According to 2025 data from Cybersecurity Insights Group, 73% of enterprises report that SIEM ingestion costs are limiting their real-time analysis capacity.

Email threats aren’t slowing down. From credential phishing to malware-laced attachments, email remains one of the most exploited entry points for attackers. If you’re already using Mimecast to help mitigate that risk, you’re ahead of the curve — but raw log data only gets you so far. Starting with Graylog 6.2.3, you can pull logs directly from Mimecast using API v2.0 and view them immediately with built-in Illuminate Dashboards.

Over the last few years, news reports around ransomware attacks have noted that the attacks are increasingly sophisticated. Simultaneously, they say that the attackers are less sophisticated than in the past. While these two statements appear to conflict with each other, they are both true when viewed through the lens of the current cybercriminals business models.