Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

New research out of AhnLab documents the Cephalus ransomware group has been aggressively exploiting stolen Remote Desktop Protocol (RDP) credentials to break into networks and execute rapid, destructive encryption campaigns. The pattern is straightforward and brutal: credentials get you in, and once inside the attackers move fast to blind and break recovery.

Cyber attacks are often associated with cybercriminals, but how do they manage to breach organizations with high-tech security systems? There are always some loopholes left by mistake or through malicious intent that allow attackers to exploit vulnerabilities. This is known as an insider threat. The problem with insider threats is that they are difficult to spot and cause more damage because they come from trusted insiders with legitimate access.

Cyberattacks are becoming more frequent and advanced with each passing day. It won’t be enough to rely solely on automated security tools for protection against these attacks. You need to bring threat hunting into your security strategy. This proactive approach will help identify threats before they can cause real damage. In this blog, you will learn about the cyber threat hunting process, the professionals involved, and why it should be implemented in your company.

Earlier this week, The Australian broke the news that the Cyber Touhan hacking group stole classified plans for Australia’s new infantry fighting vehicles, a $7B AUD procurement program, in a massive cyber-attack targeting 17 Israeli defence contractors in the supply chain. The attack was carried out by targeting a downstream supplier, MAYA Technologies, exploiting vulnerabilities in their network and peripherals to gain access to sensitive data.

In Teleport 18, we’ve added official support to import Amazon EKS Audit Logs into Teleport Identity Security. This capability allows teams to have visibility into actions performed on Amazon EKS clusters when those actions were not executed via Teleport. Amazon EKS Audit Logs in Teleport Identity Security will be generally available in Teleport 18.3, coming November 2025. Your browser does not support the video tag.

Last week, Palantir filed a lawsuit in Manhattan federal court alleging that two former senior engineers used Slack to transfer confidential documents - including healthcare demonstration frameworks, revenue cycle diagrams, and customer deployment plans - the day after one of them gave notice. The documents were allegedly accessed later on a personal phone. The engineers had since joined Percepta, a competing AI startup backed by General Catalyst that emerged from stealth mode in October.

SessionReaper (CVE-2025-54236), an unauthenticated vulnerability in the Commerce REST API enables session takeover and possible RCE. If you run Adobe Commerce or Magento Open Source, this critical, pre-auth vulnerabilities can let attackers hijack customer accounts, manipulate orders, and in many real-world setups drop persistent PHP web shells on your servers.

For years, the cybersecurity industry has celebrated “more detections” as proof of effectiveness. Dashboards filled with alerts were seen as signs of vigilance and control. But in practice, the opposite is true: too many alerts create noise, fatigue, and blind spots that delay real responses. When analysts are buried under a flood of low-value detections, the attacker always moves faster.

On November 11, 2025, SAP published a security advisory as part of their November security patches, addressing a maximum severity vulnerability identified as CVE-2025-42890 in SQL Anywhere Monitor (Non-GUI) version 17.0. The vulnerability involves hard-coded credentials, which exposes system resources to unauthorized users and allows threat actors to execute arbitrary code without authentication.

The World Economic Forum (WEF) recently published an article on cyber resilience that resonates with conversations we have daily at Arctic Wolf. Their central argument — that organizations need to move beyond basic prevention toward comprehensive, measurable resilience — reflects what we’re hearing from business leaders across industries.