Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Investigate Amazon EKS Audit Logs with Teleport Identity Security

In Teleport 18, we’ve added official support to import Amazon EKS Audit Logs into Teleport Identity Security. This capability allows teams to have visibility into actions performed on Amazon EKS clusters when those actions were not executed via Teleport. Amazon EKS Audit Logs in Teleport Identity Security will be generally available in Teleport 18.3, coming November 2025.

Embracing Zero Trust: Lessons from Australia's Defence Supply Chain Data Breach

Earlier this week, The Australian broke the news that the Cyber Toufan hacking group stole classified plans for Australia’s new infantry fighting vehicles, a $7B AUD procurement program, in a massive cyber-attack targeting 17 Israeli defence contractors in the supply chain. The attack was carried out by targeting a downstream supplier, MAYA Technologies, exploiting vulnerabilities in their network and peripherals to gain access to sensitive data.

What is Cyber Threat Hunting Process? How to Build & Implement Threat Hunting

Cyberattacks are becoming more frequent and advanced with each passing day. It won’t be enough to rely solely on automated security tools for protection against these attacks. You need to bring threat hunting into your security strategy. This proactive approach will help identify threats before they can cause real damage. In this blog, you will learn about the cyber threat hunting process, the professionals involved, and why it should be implemented in your company.

How to Spot Potential Insider Threat Indicators and Build Cyber Awareness

Cyber attacks are often associated with cybercriminals, but how do they manage to breach organizations with high-tech security systems? There are always some loopholes left by mistake or through malicious intent that allow attackers to exploit vulnerabilities. This is known as an insider threat. The problem with insider threats is that they are difficult to spot and cause more damage because they come from trusted insiders with legitimate access.

Cephalus Weaponizes Stolen RDP Credentials to Deploy Ransomware

New research out of AhnLab documents that the Cephalus ransomware group has been aggressively exploiting stolen Remote Desktop Protocol (RDP) credentials to break into networks and execute rapid, destructive encryption campaigns. The pattern is straightforward and brutal: credentials get you in, and once inside the attackers move fast to blind and break recovery.

9 Must Have Components for a Privileged Access Management Audit

Privileged accounts are often treated as background plumbing until something goes wrong. They sit across cloud consoles, databases, and pipelines and have the power to alter configurations or bring production to a halt, making them a favorite target of bad actors. Credential theft surged 160% in 2025, making stolen identities one of the fastest-growing attack vectors.

The Top 10 Holiday Text Scams to Leave on "Read" This Season

The holidays bring joy, celebration, and a flood of scam texts designed to steal your money, data, and peace of mind. Every holiday season brings excitement, and unfortunately, a surge in SMS scams targeting unsuspecting consumers. These scam messages might be tiny, but their impact can be huge, ranging from financial loss to identity theft. According to the U.S. Federal Trade Commission, people reported $470 million in losses from text-based scams in 2024, a fivefold increase since 2020.

Configuration management for secure endpoint control

Configuration management enforces consistent endpoint and system policies to prevent misconfigurations, reduce risk, and simplify compliance. By establishing secure baselines, automating enforcement, and detecting configuration drift, organizations strengthen their security posture. Netwrix Endpoint Management further enhances protection with automated monitoring, rollback, and compliance alignment to safeguard sensitive data and identity-based access.

NTLM Relay Attacks: Back from the Dead - and Still Haunting Active Directory

NTLM Relay attacks should be history. Yet in 2025, they remain one of the most effective ways to compromise Active Directory. We first covered this problem back in 2020, when we wrote about a troubling vulnerability that refused to die: NTLM Relay attacks. At the time, many believed NTLM Relay attacks were a relic of the past, an old problem long solved by Kerberos and modern authentication protocols.