Travelling Through the Dark Web: Answering 6 Questions About Dark Web "Travel Agencies"

It’s a well-known fact that threat actors use stolen personal data for many purposes, from launching phishing attacks and gaining access to an employer to, very commonly, using credit card information to make purchases. What has also become somewhat common in the last eight or so years is using stolen information to support grander illegal enterprises like supplying air and hotel travel at heavily reduced prices via dark web travel agencies.

Audit-Ready to Attack-Ready: How vPenTest Supports Compliance

Compliance today isn’t just about ticking boxes or avoiding penalties; it’s a direct reflection of your organization’s security maturity. Many modern compliance frameworks now mandate regular testing for network vulnerabilities, which remain one of the leading causes of security breaches. In fact, in 2024, nearly 70% of reported incidents were linked to high-impact vulnerabilities that organizations failed to identify or prioritize.

Cato CTRL Threat Research: Investigation of RMM Tools Leveraged by Ransomware Gangs in Real-World Incidents

Remote Monitoring and Management (RMM) tools are essential for IT operations, but their powerful capabilities and trusted status within enterprise networks have also made them valuable to threat actors. In the second half of 2024 and first quarter of 2025, we uncovered a recurring pattern during a series of cyber forensic investigations and threat detections impacting two US-based organizations and one UK-based organization.

Job Seekers Beware: Many People Are Falling for Employment Scams

More than one in ten people who were targeted by job scams this year fell victim, according to a report from Resume.org. Younger people, particularly young men, are more likely to fall victim. “In total, 14% of those who received a job scam text fell victim,” the report says. “Younger workers are more likely to have fallen victim to the scam. Twenty percent of Gen Zers fell for a job scam, followed by 16% of millennials, 10% of Gen Xers, and just 4% of boomers.

CVE-2025-53770: Widespread Exploitation of ToolShell RCE Vulnerability Observed in Microsoft SharePoint On-Premises

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.

Improving Security with Blue Team Exercises

In many sports, but especially soccer, a team has a set of offensive players and defensive players. The offensive players look for ways to compromise the opposing team’s defenses, seeking to get the ball in the goal. Meanwhile, the defenders work hard to push back against the opponent’s offensive line to clear the ball from the goal line. On a security team, your defenders are the blue team.

Why Agentic Security Doesn't Mean Letting Go of Control

Autonomous agents are changing the way we think about security. Not in the distant future, right now. These systems (intelligent, self-directed, and capable of making decisions) are starting to play an active role in the SOC. They’re not only collecting data; they’re analyzing it, correlating alerts, prioritizing risks, and even initiating response actions. This is Agentic AI, and it makes people nervous. In security, autonomy often gets mistaken for loss of control.

dMSAs Are the New AD Privilege Escalation Target - Here's What You Need to Know

Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. Here’s how it works, why it’s so stealthy, and what you can do to stay ahead of it.

SBOM 101: A Complete Guide to Software Bill of Materials

Code reuse has become a foundational practice in modern software development. Some estimates suggest that over 80% of developers today re-use existing code, rather than writing code from scratch, when building software applications. This trend is largely due to the open-source movement, as one might call it. There exists a massive, ever-growing public repository of open-source libraries, frameworks, and components.