Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Scattered Spider–style attacks increasingly target airline loyalty accounts, where stolen credentials can be used to hijack frequent flyer accounts and redeem miles for fraud. Investigations associated with the Scattered Spider ecosystem show how attackers manipulate impersonation campaigns, phishing infrastructure, and account recovery workflows to gain control of customer accounts. For airline security teams, the lesson is not limited to one threat group.

Google Photos is a popular app by Google to store, share, sync, and backup your photos, albums, and keep your memories in the cloud. Like Google Drive and its lack of privacy features, many are wondering whether Google Photos and privacy are possible with a Photos account.

Sure, they would vastly prefer targeting organizations in the opponent’s supply chain (which is why new requirements like CMMC are absolutely crucial), but every organization that is affiliated with or operates in the adversary’s territory becomes a target no matter how large or small.

As organizations manage sensitive data across endpoints, cloud platforms, and a growing number of SaaS applications, having clear visibility into where data lives and how it moves has become increasingly important. For companies operating in highly sensitive and IP driven environments, the ability to understand data access and respond quickly to risk is essential.

The real challenge for MSPs isn’t growth, it’s scaling effectively. As MSPs increase their client base and expand their service portfolios, managing multiple tools, consoles and vendors becomes progressively more complex, impacting operational efficiency and margins. In many cases, this isn’t the result of poor decision-making, but rather the evolution of the business.

Permission creep rarely looks dangerous at first. It starts as a temporary fix, such as granting an admin role to unblock a deployment. Over time, those temporary decisions become permanent standing permissions. The result is an AWS estate littered with high-privilege roles that sit idle for months, expanding your attack surface without anyone actively noticing. It takes organizations an average of 277 days to identify and contain a breach.

Across the Webex link is the 3PAO team sent to pass judgment on your adherence with FedRAMP 20x. Like all auditors, they're diligent, professional, and particularly unnerving when they’re trying to be disarming. It’s the first interview where you explain what the product does.

Matthew Smith is a vCISO and management consultant specializing in cybersecurity risk management and AI. Over the last 15 years, he has authored standards, guidance and best practices with ISO, NIST, and other governing bodies. Smith strives to create actionable resources for organizations seeking to minimize technological risk and increase value to customers.

For SaaS providers, trust is a core part of the offering. Customers rely on software platforms to process data, support business operations, and integrate with wider technology ecosystems. As a result, demonstrating effective security and governance controls using frameworks like SOC 2 has become an increasingly important requirement when selling to enterprise customers. SOC 2 has emerged as one of the most widely recognised frameworks for demonstrating product security assurance.

On March 12, 2026, Veeam released fixes for multiple high and critical severity vulnerabilities in their Backup & Replication product that could allow remote code execution (RCE), privilege escalation, and credential theft. Arctic Wolf has not identified publicly available proof-of-concept exploits for these vulnerabilities, nor have we observed any exploitation.