Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 31, 2025, just as Portugal entered the peak of another intense wildfire season, João Pina, also known as Tomahock, received an automated alert from Cloudflare. His volunteer-run project, fogos.pt, now a trusted source of real-time wildfire information for millions across Portugal, was under attack. One of the several alerts fogos.pt received related to the DDoS attack.

Most businesses do not set out wanting to change MSPs. They make the choice once, sign the contract, and hope they never have to think about it again. The whole point is to make IT easier, to have someone else deal with the problems so the business can get on with its job.

Active Directory synchronization aligns on-prem and cloud identities, supporting secure access, policy consistency, and operational efficiency in hybrid environments. It enables unified authentication, automates provisioning, and enforces governance across platforms. Netwrix Directory Management enhances this with end-to-end synchronization, real-time updates, access reviews, and password policy enforcement—without third-party connectors.

Identity Lifecycle Management governs digital identities across their full lifecycle, automating provisioning, access changes, and deprovisioning. It enforces least privilege, synchronizes identity data, and integrates with HR, IAM, and SIEM systems. Role-based controls, audit trails, and policy-driven workflows ensure secure, compliant access across hybrid environments and machine identities.

If you regularly work across IDEs, you’ve probably noticed how security tools often behave inconsistently. One plugin might work well in VS Code but feel clunky in PyCharm or Visual Studio. We set out to change that. The Veracode Scan plugin delivers a consistent, reliable experience across VS Code, JetBrains IDEs, Eclipse, and Visual Studio — helping developers focus on writing secure code, not troubleshooting plugins.

Since 2023, CrowdStrike Services and CrowdStrike Counter Adversary Operations have investigated multiple intrusions conducted by MURKY PANDA, a sophisticated adversary leveraging advanced tradecraft to compromise high-profile targets. MURKY PANDA, active since at least 2023, is a cloud-conscious adversary with a broad targeting scope; the adversary’s operations have particularly focused on government, technology, academia, legal, and professional services entities in North America.

Insider threats drain organizational budgets by $17.4 million annually on average, with over 80% of companies experiencing at least one insider-related incident in the past year. Existing insider threat solutions deliver inadequate protection because of excessive false positives, sluggish threat detection, and weak intelligence gathering capabilities.

Professional phishing groups are targeting customers of brokerage firms in order to manipulate stock prices, KrebsOnSecurity reports. The attackers use a technique called “ramp and dump” to profit from the scheme. “With ramp and dump, the scammers do not need to rely on ginning up interest in the targeted stock on social media,” Krebs explains.

Attackers are using a Japanese Unicode character to replace forward slashes in phishing URLs, BleepingComputer reports. The attacks impersonate Booking.com with phony emails that inform users of a new login to their account. “The attack, first spotted by security researcher JAMESWT, abuses the Japanese hiragana character “ん” (Unicode U+3093), which closely resembles the Latin letter sequence '/n' or '/~', at a quick glance in some fonts,” BleepingComputer explains.