Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Most data breaches don’t happen because systems fail. They happen because people make routine errors. Attackers know this, which is why social engineering has become the dominant attack vector, exploiting everyday actions like emailing files or responding to messages. Today, 70–90% of successful cyber attacks involve social engineering, resulting in data exposure that technical safeguards can’t intercept.

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) continue to track an activity cluster that uses email bombing and IT-support impersonation over Microsoft Teams to obtain Quick Assist access, then pivot to a deeper attack. This research shows that once on the victim’s host, the actors sideload a malicious DLL to deliver a new backdoor BlueVoyant has dubbed the A0Backdoor.

Security teams are under more pressure than ever, reacting at human speed while systems, identities, and AI agents operate at machine speed. In this episode of Security Matters, host David Puner sits down with cybersecurity leader and former FBI executive MK Palmore to explore why defenders struggle to keep pace and what it takes to regain control.

As governments continue to digitize services, the number of systems that support public administration continues to grow. With this expansion comes greater cybersecurity risk. To address these risks, Spain established the Esquema Nacional de Seguridad (ENS), a national framework designed to protect information systems used by public sector organizations. ENS defines the security requirements that ensure government systems remain secure, reliable, and resilient.

Most insider threats do not start with obvious intent. They start with small changes: A file gets downloaded that does not need to be or a user accesses data outside their usual scope. Information gets shared in ways that feel slightly off. Each action on its own can look harmless, but together, they point to insider risk. That is what makes insider threat indicators hard to catch for security teams. You are not looking for a single violation. You are looking for patterns in how people interact with data.

Account takeover mitigation is the process of detecting, containing, and preventing unauthorized access to user accounts before financial or reputational damage occurs. Effective mitigation depends on real-time detection, rapid response, and automated playbooks. Modern account takeover attacks execute in minutes. Credentials are harvested in real time through phishing, reverse proxy phishing, and man-in-the-middle techniques. Attackers often attempt login seconds after a user submits credentials.

Building a remote team is easy. Scaling one without losing your mind—or your data—is the hard part. As a team that has spent a decade in the trenches of the "Workforce Analytics" world at CurrentWare, we’ve seen the same pattern repeat: companies transition to remote work, they nail down their communication (Slack), they secure their perimeter (VPNs), and then they hit a wall. That wall is Operational Friction.

Unexpected downtime can disrupt your workflows in an instant. Virtual machines (VMs) power critical workloads, and when one fails, every second counts. The time needed for a full VM recovery depends on multiple factors, such as the size of virtual disks, storage performance, network speed and the recovery method.

Cybersecurity compliance is not only a regulatory requirement but also a core business protection strategy. Businesses are under increasing pressure to prioritize data security as sophisticated cyber threats and increasingly stringent laws become more common. Following laws, standards, and best practices for cybersecurity compliance is important to keep private data safe from breaches and unauthorized access.