Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From Reactive to Ready: Automated Detections and Defense with Devo + Detecteam

Security analysts know the feeling: The all-too-familiar dread creeps in as a new exploit hits the headlines. Cyber teams worldwide brace themselves, knowing that their weekends, vacations, and carefully laid plans are likely about to go up in smoke. The first question a CISO will always ask rings in their ears: “Are we protected against this?”

How Compliance Frameworks Strengthen Security and Trust

For modern digital businesses, compliance isn’t just a legal requirement—it’s a trust-building and security-enabling mechanism. Compliance frameworks like PCI DSS 4, HIPAA, GDPR, and NIST establish the technical and procedural standards organizations must meet to protect sensitive data, avoid regulatory penalties, and qualify for cyber insurance.

Key Management Best Practices to Avoid Cryptographic Failures

The expansion of cloud applications and mobile devices has created unlimited endpoints, leaving data vulnerable to security threats. In fact, cryptographic failures rank No. 2 in OWASP’s Top 10 web application security risks. Effective cryptographic key management is crucial to protecting data, as a single compromised key could result in a massive data breach. This blog will explain some of the best practices for cryptographic key management.

Conquering the Chaos of Vulnerability and Exposure Management at RSAC Conference 2025

Recently, industry analyst Jon Oltsik outlined a critical shift underway in cybersecurity: the move toward a threat-informed defense. As Oltsik describes, organizations are beginning to strengthen the intersection of vulnerability scanning and threat intelligence, using AI to bolster asset classification and risk scoring. This evolution is essential as enterprises seek to move beyond fragmented security practices and build a more cohesive exposure management strategy.

State of the Underground 2025: Key Trends Shaping Cyber Risk Today

We know that everyone loves a feel-good, optimistic story, and when we set out to write our annual State of the Underground report — an analysis of nearly 2 billion intelligence items that we collected in 2024, including posts from underground forums and markets, Telegram messages, and news articles — we hoped to find the cyber equivalent of a cup of hot chocolate.

Warning: Phishing Campaign Impersonates the US Social Security Administration

Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool. ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.

New DOGE Big Balls Ransomware Tools in the Wild

During the Netskope Threat Labs hunting activities, we came across a payload that led us to a multi-stage chain involving several custom PowerShell scripts, open source tools (such as Mimikatz and Rubeus), vulnerable drivers being exploited, and red team framework payloads (such as Havoc). After further investigation, we discovered these files were part of the arsenal of what seems to be an operator of a ransomware named “DOGE Big Balls,” a variant of the Fog ransomware.