Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The quiet shift no one talks about. Something happened over the past few years that most MSPs didn't plan for. Their customers moved to Microsoft 365, adopted Entra ID as their identity provider, and started using Microsoft Authenticator for MFA. It made sense at the time. It was simple, it was included in the license, and it worked. But somewhere along the way, a strategic decision was made by default. Microsoft became the identity provider, directory, credential store, and MFA provider. All at once.

An employee receives what looks like a routine email. Maybe it’s a shared document link, a shipment update, or a tool they already use. Nothing feels off. They click. Within seconds, a malicious script runs in the background. No warning. No alert. And the firewall? It didn’t block it. This isn’t an edge case. It’s how many modern attacks actually begin. Not by breaking in, but by being let in. Traditional network defenses were built to block external threats at the perimeter.

Mobile Device Management, commonly known as MDM, is how organizations manage, secure, and monitor mobile devices that access corporate data and applications. It helps IT teams keep smartphones, tablets, and laptops safe while allowing employees to work productively.

The world of cybersecurity is experiencing a shift as adversaries continue to refine their techniques. In 2025, cybersecurity teams will confront a host of new challenges that demand proactive and adaptive responses. Tabletop exercises offer an excellent opportunity to simulate incidents in a controlled environment, allowing teams to evaluate and improve their incident response plans.

On March 31, 2026, two malicious versions of axios, the enormously popular JavaScript HTTP client with over 100 million weekly downloads, were briefly published to npm via a compromised maintainer account. The packages contained a hidden dependency that deployed a cross-platform remote access trojan (RAT) to any machine that ran npm install (or equivalent in other package managers like Bun) during a two-hour window. The malicious versions (1.14.1 and 0.30.4) were removed from npm by 03:29 UTC.

A phishing campaign targeting multiple organizations led to RMM installations – but not much else (yet). A threat actor experimenting, or an access-as-a-service attack underway? Sophos’ Managed Detection and Response (MDR) teams reported on a phishing campaign late last year that attempted to trick users into installing LogMeIn Resolve (formerly GoToResolve), a remote monitoring and management (RMM) tool, to acquire remote unattended access.

Where AI in the SOC is actually delivering — and where it isn’t“We’ll have a generation of security professionals who can supervise AI but can’t function without it." For all the noise surrounding “agentic AI” in cybersecurity, security operations centers are still wrestling with the same fundamental questions: What does AI genuinely improve today? Where does it fall short? How can organizations tell the difference?