Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The companies winning with AI aren’t just deploying agents faster - they’re operationalizing them responsibly. They realize AI agents are creating a new, dynamic attack surface that traditional tools were never designed to handle. These agents span the entire enterprise ecosystem. Microsoft 365 Copilot, Copilot Studio, and Salesforce Agentforce are SaaS‑managed agents. GitHub Copilot, Cursor, and Claude desktop run directly on user devices as device‑based agents.

AI is no longer a futuristic concept – It has now become the core of how modern businesses are operating. Starting from chatbots to analytics, generative content to automation, AI is across every sector of business. As AI usage increases, the risks and regulation are also increasing.

Our threat-hunting team just uncovered a mass-produced remote DNS-manipulation campaign that hijacked an entire nameserver (NS) delegation belonging to a Fortune 500 company. Within hours, the attacker used that foothold to create over 9,500 brand-new subdomains, all resolving to the same criminal infrastructure serving illicit gambling pages.

The cybersecurity industry is intensely competitive. Thousands of vendors are locked in a daily battle for market share, deploying technologies that can become outdated almost as quickly as they’re released. But unlike most industries, we’re not just competing with each other. We’re also up against a shared adversary. So, here’s the uncomfortable question: if our real fight is against attackers, why aren’t we doing more to work together?

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. The Silver Fox threat actor group, also associated with attacks attributed to Void Arachne and Great Thief of the Valley, is a relatively new, most likely China-based threat group that has emerged as a significant player in advanced persistent threat (APT) campaigns.

AWS DocumentDB by default is securely isolated within a VPC, unreachable from the public internet, what could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can introduce a complex web of networking requirements, operational considerations, and architectural decisions that require careful management to maintain security.

A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes. Notably, the emails contain "mailto" links rather than traditional URLs, which help the phishing messages avoid being flagged by security filters. "Instead of linking to a phishing website, which is most common with emails like this, both the ‘Report this user’ and ‘Remove your email address’ links are mailto links," the researchers write.

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are needed so their browser or computer can perform some desired action.

Any organization that’s undergone a security transformation knows the promise of zero trust network access (ZTNA): secure, least-privilege access to private applications, anywhere, on any device. But turning that promise into operational reality is often far from simple. Between fragmented tools, complex configurations, and sprawling environments, implementing ZTNA can quickly become a manual, time-consuming, and error-prone process.

Large language models (LLMs) are transforming enterprise operations, but their growing use introduces a critical security challenge: securing how they access sensitive data and integrate with existing tools. This is where Model Context Protocol (MCP) servers become a vital, yet often overlooked, part of AI security. These servers act as the crucial link, enabling LLMs to securely connect with diverse data sources and tools, significantly expanding attack surfaces that demand our immediate attention.