Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 4, 2025, The Australian Financial Review reported on a set of credential abuse attacks targeting multiple Austrian superannuation funds. These attacks were not breaches of the infrastructure of those companies, but compromises of individual customer accounts via stolen credentials. How were those customer credentials stolen?

The Network and Information Security (NIS) directive was introduced in 2016 to outline cybersecurity obligations across the EU and enable operational resilience for in-scope organizations. In 2020, the European Commission proposed the directive’s revision, which led to the formal adoption of NIS 2 in 2022. ‍ In this guide, we answer the common question of organizations impacted by the directive—What is NIS 2?

ISO 27001 is a globally recognized standard for building robust information security management systems (ISMS). The standard is closely aligned with NIS 2—a mandatory EU directive designed to fortify the cybersecurity posture of critical infrastructure among Member States. ‍ These two frameworks form a unique symbiotic relationship due to the potential overlap in the requirements and controls.

The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas, invisible Unicode characters in obfuscated JavaScript, and anti-debugging scripts to thwart inspection. This blog takes a closer look at these methods to better understand how this kit is evolving and what defenders should be aware of.

Among the many threats of fraud and theft that organizations face, lookalike domains have emerged as a significant threat to online security and trust-based relationships. These domains, cleverly crafted to mimic legitimate websites, pose a serious risk to the security and trust inherent in online communications.

The Node ecosystem is built on a foundation of trust — trust that the packages you npm install are doing what they say they do. But that trust is often misplaced. Over the past year, we’ve seen a disturbing trend: a rising number of malicious packages published to npm, often hiding in plain sight. Some are crude proof-of-concepts (PoCs) by researchers, others are carefully crafted backdoors.

Disclaimer: Don't get me wrong, I love using generative AI daily for research and writing. This is about how other users could be using it when they don't know what they don't know and are accidental in their actions to hurt the organization where they work. Shadow IT has always lived in the background of organizations' environments with unapproved apps, rogue cloud services, and forgotten BYOD systems. Like all technology, the Shadow IT ecology is evolving.

Illumio’s recent Global Cost of Ransomware Study found that 64% of Australian companies hit by ransomware had to shut down operations as a result. Additionally, 43% of these organizations reported a significant loss of revenue, and 39% lost customers as a result of an attack. Most respondents indicated that reputational damage has overtaken regulatory fees as the most costly effect of a ransomware attack.

Enhance your threat detection, investigation, and response by integrating Microsoft Defender for Endpoint data with Elastic Security. Many security teams often find it difficult to detect and respond to threats because of fragmented visibility and isolated endpoint data. This challenge led to the development of extended detection and response (XDR), which integrates endpoint insights with contextualized data from networks, cloud environments, and identity systems.

A compromise (CVE-2025-30066) was discovered in the popular GitHub Action tj-actions/changed-files on March 14, 2025. It impacted tens of thousands of repositories that use this action to track file changes. This blog will explain how Falco Actions can easily be integrated into your workflows to help detect this CI/CD attack and provide in-depth visibility. Falco Actions is an open-source project that monitors your CI/CD workflows for potential threats in real time, leveraging the OSS tool Falco.