Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) have become integral to modern SecOps architecture and threat detection capabilities. However, the urgency of the situation is clear—attackers are deploying increasingly sophisticated techniques to bypass threat detection centered on these systems.

Implementing a Privileged Access Management (PAM) solution is an important step toward protecting your organization’s most sensitive data and systems. When executed correctly, PAM helps enforce the Principle of Least Privilege (PoLP), reduces your attack surface and gives security teams control over who can access what and when. However, how effective a PAM solution is depends on how it’s implemented.

Cybersecurity firm Trellix uncovered a sophisticated spear-phishing operation in late May 2025 that exploited NetBird, a legitimate open-source remote access platform, to infiltrate organizations worldwide.

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now contend with intelligent, adaptive attacks that evolve as fast as the technology they target.

Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. These installers were mainly MSI files that were delivered via phishing websites. Both the phishing pages and installers were in Chinese, indicating that the targets are Chinese speakers.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! It will only ever go upwards…

Every DevSecOps, cloud security and even AppSec team knows the feeling: scanners flag hundreds – sometimes thousands – of critical issues across your pipelines, environments and apps. But how many of those findings actually matter? How many represent real, immediate risk to applications running in production? The uncomfortable answer? Very few. At ARMO, we’ve seen firsthand how over 60% of security findings are irrelevant hypothetical risks that will never be exploited.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly. The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — it’s human. Employees routinely fall for phishing scams, mishandle sensitive data or unintentionally violate security policies. While most people don’t mean to cause harm, their behavior still introduces significant cyber risk to the organization.

AI is reshaping software development quickly. From boilerplate generation to test automation and refactoring, LLMs like the one behind Cursor are transforming how developers build. But with great power comes a new generation of vulnerabilities. At Mend.io, we’re excited to announce a native integration with Cursor, the IDE taking the dev world by storm.