Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Autonomous AI agents - known as Computer-Using Agents (CUAs) - are no longer science fiction! These systems can browse websites, interact with applications, and carry out tasks on their own. While intended to increase productivity, they can already be repurposed by threat actors for malicious use.

Cyber security threats continue to evolve, but one factor remains consistent: human error is still the greatest risk to modern businesses worldwide. Employees make mistakes, bypass security measures, and fall victim to sophisticated social engineering attacks, leading to devastating data breaches. Despite extensive security awareness training, the reality is that investing more time and money in training isn’t solving the problem.

As a human risk management platform, we keep a close eye on the evolving threat landscape to help organisations detect and mitigate human cyber risks. The first quarter of 2025 has already revealed critical vulnerabilities, data breaches, and novel attack vectors that highlight the importance of proactive security measures and automated interventions. Here’s a deep dive into the major cyber security events of Q1 and what forward-thinking organisations, like yours, can learn from them.

Earlier this year I joined the team at CultureAI, and like many, I shared the news on LinkedIn. Within weeks, I found myself at the receiving end of multiple phishing emails impersonating our CEO designed to exploit new employees. But rather than ignoring them, I thought it could be fun to play along, see where the rabbit hole led, and deep dive into the world of BCE and Gift Card scams.

A few weeks ago, a malware campaign that leveraged Google Ads to promote a fake Homebrew website caught my attention. It tricked users into running an installer command that downloaded and executed a malicious binary resulting in an info stealer being introduced to the user’s machine.

The recent rapid adoption of the AI application “DeepSeek” has gained significant global attention. Becoming the app on both the Apple Store and Google Play Store within its first few days, seeing over 10 million downloads. While this explosive growth of DeepSeek R1 highlights the public’s fascination with AI-driven tools, the security community and policymakers have been less enthusiastic.

Behavioural analytics in cyber security has emerged as a powerful tool for identifying and mitigating human risks. By focusing on how humans interact with systems, user behavioural analytics offer a proactive approach to threat detection, ensuring a more secure digital environment for businesses.

Cyber security threats are increasingly complex, and while external attacks like phishing and malware often take centre stage, insider threats are emerging as a significant concern. Insider threats are risks originating from within an organisation, which pose unique challenges. They exploit an insider’s knowledge of systems, processes, and vulnerabilities, making detection and prevention particularly challenging.

In an era where password breaches have become all too common, Multi-Factor Authentication (MFA) has emerged as a critical layer of security. MFA provides an authentication method that requires users to present multiple forms of identification before gaining access to systems, which is considered a more robust defence against cyber attacks. However, as cyber criminals evolve tactics, MFA is no longer impervious to threats, particularly phishing attacks that exploit vulnerabilities.

Software as a Service (SaaS) applications have become indispensable for organisations in today's digital landscape. From collaboration tools enabling better communication, to SaaS applications that streamline operations, enhance productivity, and support remote work. However, their convenience comes with significant security challenges—many of which stem from human errors, insider threats, and inadequate configuration practices.