Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Queen City Con 2025 highlighted identity, cloud risk, and detection gaps. Learn why defaults and identity sprawl, not zero-days, are still the greatest security threat.

Since at least May 2023, a financially motivated cyber-crime network has been operating a phishing campaign primarily abusing Google Ads, and occasionally Microsoft Ads to drive traffic to credential-harvesting websites. This campaign – part of which was named “Payroll Pirates” by SilentPush – has remained active, with periodic updates to tactics and target rotations.

Assigning remediation tasks across an enterprise organization can feel like navigating a maze of inconsistent tags, overlapping teams, and unclear ownership. It’s one of the most persistent operational challenges in vulnerability and exposure management, and one of the biggest barriers to speed. Each scanner and cloud platform comes with its own tagging logic. One system uses ProductOwner, another productowner. Some tags are outdated, others duplicated, and many have no clear purpose.

We’re proud to share that Nucleus Security has been named a Challenger in the inaugural 2025 Gartner Magic Quadrant for Exposure Assessment Platforms (EAPs) — recognized for our completeness of vision and ability to execute. This marks a significant milestone not only for Nucleus, but for the evolution of our entire industry. For the first time, Gartner has formally recognized Exposure Assessment Platforms as a distinct category.

The MITRE ATT&CK framework is one of the most widely adopted and respected resources in the field of cyber threat intelligence. Serving as a common language for security professionals across industries and departments, it provides a consistent and structured way to describe adversary behavior.

Remote access has become essential. However, for most industrial organizations, it’s also become the most dangerous blind spot in their cybersecurity posture. The tools many teams still rely on VPNs, jump servers, and shared logins that were never built for today’s OT and IT environments. These legacy systems were designed decades ago, when connectivity was simpler and threats were fewer.

In today’s hyper-connected world, organizations face an unprecedented challenge: securing the explosive growth of connected devices across their networks. From laptops and smartphones to IoT and OT systems, the device ecosystem is expanding at a pace that traditional tracking and protection methods cannot keep up with.

Having a strong cybersecurity foundation is essential for every organization today. Even a small gap can become an open door for cybercriminals, leading to costly damage and data loss. This is why every organization needs a solid security strategy based on proper threat assessment and other key elements. But what exactly does threat assessment in cybersecurity mean? Let’s find out everything in detail in this blog.

Large language models take in unstructured data. They transform it into context, embeddings, and answers. That journey touches raw files, vector stores, model logs, and third-party services. Traditional privacy programs focus on databases and forms. LLMs push risk to the edges. The riskiest moments are when you ingest messy content, when your system retrieves chunks to support an answer, and when an agent with tool access is tricked into over-sharing.

Eric O’Neill, former FBI ghost and author of “Spies, Lies & Cybercrime,” joins host David Puner to take a deep dive into the mindset and tactics needed to defend against today’s sophisticated cyber threats. Drawing on O’Neill’s experience catching spies and investigating cybercriminals, the conversation explains how thinking like an attacker can help organizations and individuals stay ahead.