Running DeepSeek AI privately using open-source software

Zeek is a powerful open-source network analysis tool that allows users to monitor traffic and detect malicious activities. Users can write packages to detect cybersecurity events, like this GitHub repo that detects C2 from AgentTesla (a well-known malware family). Automating summarization and documentation using AI is often helpful when analyzing Zeek packages.

Why Security Teams Choose Splunk Enterprise Security: Three Core Benefits That Transform SecOps

A SOC of the future is a resilient SOC that fosters a collaborative and proactive cybersecurity approach with a modern technology foundation. At the core of the SOC of the future is a unified threat detection, investigation, and response (TDIR) platform, representing the real-world requirements for how tools contribute to the SOC’s mission and strategy, providing integration and efficient process execution. The foundation for the unified TDIR platform is a modern SIEM.

Elevating cybersecurity with Just-In-Time access and Unified Safeguard

The 2024 Verizon Data Breach Investigations Report (DBIR) found that compromised credentials consistently appeared as a key attack enabler – with almost 77% of web app breaches enabled by stolen credentials. Organizations are scrambling to protect credentials, and Just-In-Time (JIT) access has emerged as an effective strategy to address these challenges. JIT access grants elevated permissions only when necessary, minimizing the attack surface and reducing the risk of unauthorized access.

WatchGuard Awarded in the 2024 TMCnet Zero Trust Security Excellence Award

For the second year in a row, TMCnet, a global, integrated media company, has recognized WatchGuard EPDR + Zero-Trust Application Service with a Zero Trust Security Excellence Award. The award recognizes the leaders and pioneers in the zero trust industry offering the most innovative and effective solutions.

DNS Servers & Cybersecurity: How They Work and How to Secure Them

The Domain Name System (DNS) is a fundamental component of the Internet, translating human-friendly domain names into IP addresses that computers use to communicate. While its primary function is straightforward, DNS servers play a crucial role in both the performance and security of online activities.

API Armor: How Bybit's Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist

APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance security? Bybit might just have the answer. Bybit—one of the world’s leading cryptocurrency exchanges—recently leveraged the power of an API in the wake of a devastating security breach that resulted in a staggering $1.5 billion loss.

The BlackBasta Ransomware Leaks: What You Need to Know

On 11 February 2025, a Telegram user called ExploitWhispers shared a ZIP file to a Russian-language Telegram channel. The user claimed that this file contained the internal Matrix chat logs of the BlackBasta ransomware group and was captured between 18 September 2023 and 28 September 2024. The user also shared information about some of the BlackBasta members, including one of the operation’s admins, the group’s administrator, and leader Oleg Nefedov.

From Initial Access to Ransomware Attack: An Analysis of Timelines from IAB Listings on Cybercriminal Forums to Extortion Attacks

Cyjax monitors and analyses the initial access broker (IAB) market on the most prominent cybercriminal forums. As noted in Cyjax’s 2024 IAB market in review, it is almost certain that extortion groups, APTs, data brokers, and other threat groups use IABs to gain initial access to targeted networks. Though at first glance it is not immediately obvious how important the IAB market is to the threat landscape, Cyjax has conducted a deep analysis of public IAB listings and extortion group DLSs.

How to Solve the Problem of Alert Fatigue

Security Operations Centre (SOC) analysts are at the forefront of cybersecurity defence, managing thousands of alerts every day. The overwhelming volume of these notifications makes it increasingly difficult to distinguish legitimate threats from false positives, leading to analyst burnout and operational inefficiencies. Studies show that up to 62% of alerts are ignored, resulting in missed threats and the further weakening of an organisation’s security posture.

The Agentic AI Revolution: 5 Unexpected Security Challenges

As we stand on the brink of the agentic AI revolution, it’s crucial to understand the profound impact AI agents will have on how people, applications and devices interact with systems and data. This blog post aims to shed light on these changes and the significant security challenges they bring. It’s important to note that given the rapid pace of advancements in this field, we could not have anticipated many of the challenges discussed here just a few months ago.