Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Understanding Account Takeovers

The identity attack surface is expanding faster than ever. Every new cloud application, remote login, and digital touchpoint creates another entryway threat actors can exploit, targeting the very credentials that give employees, customers, and partners access to critical systems. One of the top, tried-and-true identity attack techniques threat actors have utilized with great success is called an account takeover.

Inside the Crimson Collective Attack Chain and How to Break It with Zero Standing Privileges

New details have emerged in recent weeks on how the Crimson Collective threat group has been conducting a large-scale campaign targeting Amazon Web Services cloud environments. Recent reports highlight how easily the attackers progressed once they obtained valid credentials. The Crimson Collective claims to have exfiltrated ~570 GB across ~28,000 internal GitLab projects; Red Hat has confirmed access to a Consulting GitLab instance but hasn’t verified the full scope of those claims.

Mobile App Security Assessment: Identifying Risks Before Attackers Do

Misconfigurations in storage and encryption settings can put your mobile apps at risk, but so can social engineering attacks. Mobile devices are powerful productivity tools, enabling your staff to work from almost anywhere. They can also be security risks, sharing sensitive data outside of a tightly controlled office environment. If smartphones and tablets are integral to your organization’s day-to-day workflows, a mobile application security assessment should be part of your cybersecurity strategy.

10 Signs Your Company Needs Managed Cybersecurity Services

Cyberattacks are becoming more frequent and costly for businesses all around the world. Despite investing in solid IT/security teams, businesses are struggling to ward off cyberattacks. There are three main problems with in-house teams: limited staff, restricted budgets for advanced tools, and a lack of specialized expertise to cover every threat. So, what’s the solution? Managed Cybersecurity Services.

SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribute malware and gain unauthorized access to enterprise SaaS apps. The timing of this disclosure is particularly significant as major companies including OpenAI, Microsoft, Google and The Browser Company have announced or released their own AI browsers. With Chrome and Edge alone representing 70% of the browser market share, it is very likely that the majority of consumer browsers in the future will be AI Browsers.

The Lost Payload: MSIX Resurrection

MSIXBuilder transforms what was traditionally a complex, multi-tool process into a single automated workflow that mirrors actual attacker techniques. By automatically handling certificate lifecycle management, dependency resolution, and package signing, the tool removes the technical barriers that previously prevented security teams from creating realistic test scenarios. This means defenders can quickly generate both signed and unsigned MSIX packages to validate their AppXDeployment event log coverage, confirm detection rules, and build detection coverage that actually works against real-world threats.

Multitasking Employees Are Particularly Vulnerable to Phishing Attacks

Employees who multitask are significantly more vulnerable to phishing attacks, according to a study from the University at Albany published in the European Journal of Information Systems. “In real-world settings, users are frequently engaged in other digital tasks when a suspicious message appears, requiring them to momentarily interrupt their workflow,” the researchers write.

AI-Generated Attacks: What are They and How to Avoid Them?

AI-generated attacks, such as social engineering, phishing, deepfakes, malicious GPTs, data poisoning, and more, are rapidly disrupting the current security landscape. But there are ways to avoid them and strengthen our defences with miniOrange IAM solutions.