Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With a background in philosophy, my transition into the world of cybersecurity as a penetration tester sparked a deep curiosity about the inner workings of the prolific cybercrime groups I saw in the news. To better defend against these groups, I needed to understand more about how they worked, specifically how they recruited people, vetted them, and turned their skills into a profitable business model.

The EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA) are shaping the regulatory landscape for cybersecurity in Europe and across the globe. While DORA focuses on the financial sector and ICT providers, the upcoming CRA will extend requirements to all digital products and services, emphasizing secure-by-design practices and software resilience.

Founded around 2022, Scattered Spider is a well-known group of young, English-speaking threat actors believed to be from the US and UK. The group—which has some members as young as 16—first gained global recognition in September 2023 when they successfully hacked the internal systems of both Caesars Entertainment and MGM Resorts, obtaining sensitive data they used to extort the casinos.

On September 18, 2025, an Analysis Report was issued by CISA that details information about two sets of malware it obtained from an organization that was compromised during May 2025. To gain initial access, the threat actors chained together known vulnerabilities outlined in CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM) before deploying the malware, which allowed them to achieve remote code execution (RCE).

Complying with the Digital Operational Resilience Act (DORA) means proving that resilience is built into daily operations through ongoing, evidence-backed practices. SafeBreach, the leader in enterprise exposure validation, helps institutions meet DORA’s key requirements by simulating real-world threats across the MITRE ATT&CK framework.

Security teams are under immense pressure. Traditional red teaming and annual penetration tests aren’t cutting it anymore. Breaches are no longer rare events; they’re expected. What matters now is what happens after the breach. Enter Continuous Automated Red Teaming (CART). CART is transforming how leading security teams approach validation, visibility, and readiness.

A new cybersecurity reality has taken shape across Europe: the European Union’s updated Network and Information Security Directive (also known as NIS2) went into effect in January 2025. This sweeping regulation expands the cybersecurity obligations of thousands of organizations in critical sectors from energy and transport to healthcare, finance, cloud and data centers. Much like the Digital Operational Resilience Act (DORA) in the financial world, NIS2 isn’t just another compliance checkbox.

In August 2025, a joint Cybersecurity Advisory (CSA) was issued by CISA, NSA, FBI, and allied cybersecurity agencies across the Five Eyes, EU, and partner nations. This advisory details a long-term espionage campaign by People’s Republic of China (PRC) state-sponsored actors—linked to companies supporting the Ministry of State Security (MSS) and People’s Liberation Army (PLA).