Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 20, 2026, Oracle disclosed a critical (CVSS score of 9.8) vulnerability (CVE-2026-21992) impacting two Oracle Fusion Middleware components: Oracle Identity Manager and Oracle Web Services Manager. An unauthenticated attacker could exploit the vulnerability to obtain network access via HTTP and remotely execute code. Critical functions of the products are exposed due to the lack of network-level authentication. As of this publication, there are no reports of active exploitation.

The global CISO landscape: A leadership gap too large to ignore Why the world needs scalable security leadership — and MSPs and MSSPs are key to delivery The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in global cybersecurity leadership. Despite decades of progress and near-universal CISO adoption in Fortune 500 and Global 2000 organizations, there are still only 35,000 CISOs worldwide serving an estimated 359 million businesses.

From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR.

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's1 analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.

Cyber threats are escalating rapidly, with ransomware groups multiplying and attacks becoming faster and more targeted than ever. This blog profiles four of the most active threat actors currently targeting key industries: IntelBroker, APT44 (Sandworm), Volt Typhoon, and APT45. From financially motivated cybercrime to state-sponsored espionage and infrastructure disruption, each group presents unique risks across sectors including technology, energy, government, and finance.

When geopolitical tensions rise, cybersecurity quickly becomes part of the public conversation. Government agencies issue warnings. Security teams increase monitoring. Headlines start asking which organizations could become targets if cyber operations escalate alongside physical conflict. But geopolitical conflict does not suddenly create cyber risk. What it does increase is the likelihood that existing weaknesses will be tested and pre-existing risks could be exposed.

Hybrid cloud environments rarely start as a carefully planned architecture. Most organizations reach that point gradually. A few workloads move to the cloud first. Then development teams adopt additional cloud services. Meanwhile, critical systems continue running on-premise because they cannot easily migrate. Over time, the result is an enterprise hybrid cloud environment that spans multiple infrastructure layers. From a business perspective, this flexibility is useful.

Global cyber attacks increased by approximately 38% in 2025, with organisations experiencing an average of over 1,900 attacks per week. To thrive and survive in this dynamic environment, businesses must move beyond mere security and embrace a holistic strategy of cyber resilience.