Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With the holiday season all wrapped up (pun definitely intended), I finally have time to sit down and digest what we saw in the network traffic at Black Hat Europe 2025 while working alongside the other Network Operations Center (NOC) partners: Arista, Cisco, Jamf, and Palo Alto Networks. As usual, there is a mix of the expected, a dash of the unexpected, and some lessons for newcomers and greybeards alike. Let’s get into it.

Working at the Black Hat Network Operations Center (NOC) as a data scientist makes me a bit of an outlier (pun intended) among network engineers and hard-core threat hunters.

Why does traditional Kubernetes security fall short? Static scanners flag thousands of CVEs but can’t tell you which ones are actually loaded into memory and exploitable—only about 15% are loaded at runtime. Traditional tools also create siloed visibility, with CSPM, vulnerability scanners, and EDR each seeing only one slice of your environment. This makes it impossible to spot lateral movement or connect events across cloud, cluster, container, and application layers.

Internet traffic relies on the Border Gateway Protocol (BGP) to find its way between networks. However, this traffic can sometimes be misdirected due to configuration errors or malicious actions. When traffic is routed through networks it was not intended to pass through, it is known as a route leak. We have written on our blog multiple times about BGP route leaks and the impact they have on Internet routing, and a few times we have even alluded to a future of path verification in BGP.

Cloudflare Radar already offers a wide array of security insights — from application and network layer attacks, to malicious email messages, to digital certificates and Internet routing. And today we’re introducing even more. We are launching several new security-related data sets and tools on Radar.

By the end of 2026, over 90% of all credential compromise attacks are estimated to be enabled by modular Phishing-as-a-Service (PhaaS) kits like the sophisticated, global threat, Kratos. This aggressive platform has already begun reshaping the threat landscape. At its core, Phishing-as-a-Service (PhaaS) is a malicious cloud-based service that allows easier deployment of phishing attacks and faster updating of features as compared to traditional phishing and malware attacks.

OneDrive is the most popular cloud storage for Windows due to its easy integration in the Microsoft ecosystem. However, like most big tech companies from the US, there are concerns about how these companies use, secure, and keep your data private, leading many to wonder is OneDrive safe if you want to store photos, documents, or videos in privacy.

We’re proud to share that WatchGuard has once again been recognized by the CRN as a 5-Star Award recipient in the 2026 CRN Partner Program Guide. This marks the tenth consecutive year WatchGuard has earned this prestigious distinction, an achievement that underscores our unwavering commitment to delivering a partner-first approach and empowering MSPs with the tools, support, and innovation they need to succeed.

Anthropic's Claude Code Security launch sent shockwaves through cybersecurity markets. As GitGuardian's CEO, here's why I believe the real battle has shifted from code vulnerabilities to identity and secrets management in the AI era.

The classic external penetration testing takes a systematic approach that includes reconnaissance, enumeration, validation, and proof-of-concept exploitation. Enterprise security teams deploy comprehensive suites of tools across the entire application, offering full lifecycle testing, which loses value when the toolchain isn’t purpose-built for each testing phase.