Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Arctic Wolf Labs team has identified a new campaign by cyber-espionage group Dropping Elephant targeting Turkish defense contractors, specifically a manufacturer of precision-guided missile systems. The campaign employs a five-stage execution chain delivered via malicious LNK files disguised as conference invitations sent to targets interested in learning more about unmanned vehicle systems.

Recently, five popular NPM (Node Package Manager) packages were compromised and modified to deliver a malicious DLL, dubbed “Scavenger”. The malware pushed via these compromised NPM packages executes in two stages: an initial first-stage loader, followed by a second-stage infostealer. NPM is the package manager for the Node.js JavaScript platform, which allows developers to share and manage JavaScript libraries and tools.

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Companies face increasingly complex challenges every day, including cybersecurity threats aimed at disrupting their digital operations. One of the most frequent and damaging is the DDoS attack, which can take websites, applications, and critical services offline. Understanding what is a ddos attack is essential to identify risks, prevent attacks, and protect your organization’s digital infrastructure. In recent years, there have been attacks that marked a turning point in cybersecurity.

Compliance today isn’t just about ticking boxes or avoiding penalties, it’s a direct reflection of your organization’s security maturity. Many modern compliance frameworks now mandate regular testing for network vulnerabilities, which remain one of the leading causes of security breaches. In fact, in 2024, nearly 70% of reported incidents were linked to high-impact vulnerabilities that organizations failed to identify or prioritize.

Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. Here’s how it works, why it’s so stealthy, and what you can do to stay ahead of it.

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

In the ever-evolving world of retail, cyber threats are no longer a distant concern, they’re a daily reality. Over the past year, around 612,000 UK businesses reported experiencing a cyber breach or attack. Phishing remains the most common and disruptive method, targeting 85% of those affected. The retail sector, in particular, sits on a goldmine of customer data, credit card details, email addresses, and purchase histories, all of which are highly attractive to cybercriminals.