Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Operational technology (OT) underpins everyday life by providing the networks and systems required to deliver and maintain key services. These critical infrastructures are increasingly targeted by threat actors, causing public disruption and reputational and financial damage. OT security plays a vital role in redressing this threat, but it must be implemented strategically to be effective.

Developers now chart courses through environments as dynamic and unpredictable as open skies, plotting efficient courses through shifting clouds of technology to reach ambitious goals. Increasingly, AI assistants are copilots on these journeys—streamlining workflows, reducing repetitive tasks, and enabling teams to navigate more complex terrain with speed.

Keeping a large production system healthy often feels like changing airplane engines while in flight. At Egnyte, we still operate several sizeable Java monoliths that run inside Apache Tomcat. All high-severity Common Vulnerabilities and Exposures (CVEs) need to be patched quickly—sometimes in a matter of days—to maintain the uncompromising security posture our customers expect.

KAWA4096, a ransomware whose name includes "Kawa", the Japanese word for "river", first emerged in June 2025. This new threat features a leak site that follows the style of the Akira ransomware group, and a ransom note format similar to Qilin’s, likely an attempt to further enrich their visibility and credibility. In this blog post, we’ll share key insights from an analyzed KAWA4096 sample to uncover how this ransomware operates and what sets it apart.

Email threats aren’t slowing down. From credential phishing to malware-laced attachments, email remains one of the most exploited entry points for attackers. If you’re already using Mimecast to help mitigate that risk, you’re ahead of the curve — but raw log data only gets you so far. Starting with Graylog 6.2.3, you can pull logs directly from Mimecast using API v2.0 and view them immediately with built-in Illuminate Dashboards.

Trustwave is making Executive Business Reviews (EBR) available to its client base. EBRs are a methodology designed to deepen Trustwave's already strong client relationships by helping clients stay informed as to their current security status, regional and sector-related threats, security costs and optimization opportunities.

SQL injection attacks remain one of the most dangerous and frequently exploited web vulnerabilities—even in today’s age of secure coding and DevSecOps. Despite widespread awareness, attackers continue to target database-driven applications using clever payloads that evade surface-level defenses. The challenge isn’t just that SQL injections still work—it’s that many organizations don’t detect them until it’s too late.

Welcome to the chaos. You’ve been told you need a SIEM. Maybe it was your CISO. Maybe it was your auditor. Maybe your SOC is tired of stitching together logs with duct tape and Python scripts. Doesn’t matter — you’re now on the SIEM buying journey. Congratulations… and condolences. Let’s walk through how to actually buy your first SIEM without lighting your budget (and your team’s morale) on fire.

For organizations operating in the cloud, visibility is everything. You need a reliable source of truth to answer “who did what, when, and where,” whether you’re investigating a security incident, chasing compliance goals, or monitoring operational activity. Enter the Sumo Logic CloudTrail App, your go-to solution for transforming raw AWS CloudTrail logs into meaningful, actionable insights.

Arctic Wolf has recently observed a widespread phishing campaign targeting multiple organizations by abusing Microsoft 365’s Direct Send feature—a feature designed for internal email delivery without requiring authentication. Threat actors can identify valid domains and recipients, then send spoofed emails that appear to originate from internal domains—often impersonating the user themself—without needing credentials or access to the tenant.