Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For organizations operating in the cloud, visibility is everything. You need a reliable source of truth to answer “who did what, when, and where,” whether you’re investigating a security incident, chasing compliance goals, or monitoring operational activity. Enter the Sumo Logic CloudTrail App, your go-to solution for transforming raw AWS CloudTrail logs into meaningful, actionable insights.

Arctic Wolf has recently observed a widespread phishing campaign targeting multiple organizations by abusing Microsoft 365’s Direct Send feature—a feature designed for internal email delivery without requiring authentication. Threat actors can identify valid domains and recipients, then send spoofed emails that appear to originate from internal domains—often impersonating the user themself—without needing credentials or access to the tenant.

Since at least February 2025, Arctic Wolf has observed Interlock Remote Access Trojan (RAT) being deployed via social engineering techniques. Recently, The DFIR Report published a technical analysis of the Interlock RAT being delivered via a social engineering technique dubbed “FileFix.” The name FileFix is derived from its similarity to the previously documented ClickFix technique using fake CAPTCHA pages.

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

BERT ransomware targets Windows and Linux platforms, TGR-CRI-0045 exploits leaked machine keys to access organizations, and XWorm evolves into a modular and evasive remote access trojan.

To address a rising attack vector: client-side JavaScript tampering on payment pages.

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired Trelica earlier this year. Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview.

AI agents are rapidly transforming how software is accessed, operated, and integrated, such as automating workflows, calling APIs, and interacting with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.

In my previous post, we explored the reasons and methods for safeguarding Microsoft Entra ID data using Veeam Backup & Replication. While having secure, encrypted backups is essential, their value diminishes if you can’t restore them when it matters most. In this post, we’ll dive into the recovery process step by step. If you’ll remember there are a number of object types within Entra ID that can be protected at this time and they are.