%term

Phishing Campaign Targets Executives With Phony Awards

Dec 16, 2025 By KnowBe4 Team In KnowBe4

A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware. “The campaign uses a high-value executive recognition lure, ‘Cartier Recognition Program,’ to target executives,” the researchers write.

Read Post

KnowBe4

Read more about Phishing Campaign Targets Executives With Phony Awards

Introducing WatchGuard's Zero Trust Bundle: Zero Trust for the Way You Work

Dec 16, 2025 By Bill Munroe In WatchGuard

Hybrid work, cloud apps, and constant connectivity have completely reshaped how people get things done. But they've also reshaped how attackers operate. Today, most breaches begin with fundamental issues: stolen credentials, compromised devices, or remote access tools that weren't designed for a world of distributed users. That's why WatchGuard is introducing the Zero Trust Bundle, a unified approach that secures people, devices, and access decisions every time someone connects to your business.

Read Post

WatchGuard

Read more about Introducing WatchGuard's Zero Trust Bundle: Zero Trust for the Way You Work

How Cyberhaven Uses Data Lineage to Revolutionize DLP

Dec 16, 2025 By Isa Jones In Cyberhaven

The concept of data loss prevention (DLP) is simple: stop sensitive information from leaving your organization through unauthorized channels. But in practice, traditional DLP solutions struggle to deliver on that promise. They rely on rigid rules, limited visibility, and a shallow understanding of how data is actually used. The result is missed threats, noisy alerts, and frustrated security teams.

Read Post

Cyberhaven

Read more about How Cyberhaven Uses Data Lineage to Revolutionize DLP

Ep 23: How to bootstrap your AppSec program

Dec 16, 2025 By Sumo Logic, Inc. In Sumo Logic

On this episode of Masters of Data, Adam sits down with Zoe Hawkins and David Girvin to talk AppSec programs that don't suck. David's hot take from his 1Password and Red Canary days? AppSec is a people problem, not a tooling problem—stop being the person devs dodge at standup. We cover the essentials: build relationships first, threat model based on actual business risk (not your anxiety), and ditch the "shift left" obsession with scanning everything. Instead, start with offensive testing that finds vulnerabilities attackers can actually exploit.

View Video

Sumo Logic

Read more about Ep 23: How to bootstrap your AppSec program

Troubleshooting Cilium network policies: Four common pitfalls

Dec 16, 2025 By Mallory Mooney In Datadog

Cilium network policies (CNPs) extend Kubernetes’ L3/L4 controls to the application layer (L7). CNPs provide teams with advanced networking capabilities, but they can also introduce new ways for connectivity to fail, especially in environments running thousands of workloads. Many of these issues stem from differences in how Kubernetes and Cilium interpret the same concepts, such as label scoping, IP-based rules, service identities, and how default-deny behavior is applied.

Read Post

Datadog

Read more about Troubleshooting Cilium network policies: Four common pitfalls

New Attack Technique "ConsentFix" Hijacks OAuth Consent Grants

Dec 16, 2025 By Andres Ramos In Arctic Wolf

On December 11, 2025, Push Security published research detailing a newly observed browser-based phishing technique called ConsentFix. The name ConsentFix is derived from its similarity to the previously documented ClickFix technique using fake CAPTCHA pages. ConsentFix, enables threat actors to gain cloud account access without capturing passwords, multifactor authentication (MFA) codes, or other credentials by abusing legitimate OAuth authentication and consent flows.

Read Post

Arctic Wolf

Read more about New Attack Technique "ConsentFix" Hijacks OAuth Consent Grants

Fireside Chat: LevelBlue + Tenable Partnership - Unlimited Vulnerability Scanning at No Cost

Dec 16, 2025 By LevelBlue In LevelBlue

Discover how LevelBlue and Tenable are transforming cybersecurity in this exclusive fireside chat featuring Michael Vaughn, Director of Product Management at LevelBlue, and Greg Goetz, VP of Global Strategic Partners at Tenable.

View Video

LevelBlue

Read more about Fireside Chat: LevelBlue + Tenable Partnership - Unlimited Vulnerability Scanning at No Cost

From compliance to culture: An MSP's guide to driving real security awareness with threat intelligence

Dec 16, 2025 By ThreatQuotient In ThreatQuotient

In times of geopolitical and economic instability, no organization would consider running without backups, additional support, clear end goals, and company-wide communication. Within business, the wisdom of strength in numbers and power in unity is widely understood. However, when it comes to its cybersecurity, a critical pillar that reputation, safety, and resilience rely upon, the opposite often happens.

Read Post

ThreatQuotient

Read more about From compliance to culture: An MSP's guide to driving real security awareness with threat intelligence

How To Reduce Risk This Holiday Season

Dec 16, 2025 By Adam Marrè In Arctic Wolf

The holiday season is traditionally a period of goodwill, gift giving, and time with loved ones, but if you are responsible for your enterprise’s cyber defenses it’s also a time when you should have a heightened awareness of cyber risk. Cybercriminals often treat this time of year as a prime opportunity to exploit the unprepared and unwary.

Read Post