How Secure Is WhatsApp in 2025? [Appknox's Pentesters Reveal 5 Critical Vulnerabilities]

June 2025 has seen WhatsApp back in the headlines—this time for all the wrong reasons. Earlier this month, The National broke the story: WhatsApp’s security is under renewed scrutiny following revelations that Israel remains the only known actor to have successfully exploited it. But if history has taught us anything, it’s this: if one nation-state can do it, others may follow. At Appknox, we decided to verify the current state of WhatsApp’s mobile app security for ourselves.

Inside Qilin's New Legal Pressure Tactic: How 'Call a Lawyer' Increases Ransomware Success

In the cybercrime ecosystem, innovation often comes in disturbing forms. The ransomware group Qilin—already notorious for offering a full suite of extortion tools to affiliates—has introduced a new feature that elevates psychological warfare to a new level: a “Call a Lawyer” button. This isn’t satire. This is real social engineering, now backed with actual legal threats.

Credential Theft Campaign Targets Legal Sector via Spoofed Emails Delivering Malicious HTM File Mimicking O365 Login Page

Arctic Wolf has recently observed a campaign targeting the legal industry using a combination of brute-force and spearphishing techniques. Threat actors initially attempted to brute-force multiple user accounts. After those efforts were unsuccessful, they pivoted to spearphishing by sending spoofed emails that appeared to originate from internal users. These emails used the subject line “Reminder-Your-to-do-list” and contained a malicious .HTM attachment.

A Pressing Matter Part I - The Simplification of Ransomware Crime Development Through Cybercriminal Forums

Five centuries after the printing press was invented, the digital age began. With significant revolutions in knowledge dissemination, the era taking place now has seen vast amounts of information become instantly accessible. Whilst this is generally seen as a positive in most countries worldwide, malicious intentions persist across the digital world.

Stop writing dumb AI security policies: use threat models, not fear

Every time someone asks me about building their AI policy, I die a little inside. Not because it’s a bad question, but because my answer is always the same: “Can we not build it off pure fear for once?” Most people don’t understand how AI architecture works, so their first instinct is to panic. And, we’ve seen this movie before: cloud, mobile, bring your own device (BYOD).

What's new in Tines: June 2025 edition

Did you hear the news? You can now build and deploy agents in Tines using the AI Agent action type - an evolution of our AI action! AI on the Storyboard just got even more powerful, with the opportunity to build your workflows as autonomous as you choose with the help of an agent. Using the tools from your tech stack, the agents you build are designed to reason, decide, and act on your behalf. Curious to see it in action?

Content Independence Day: no AI crawl without compensation!

Almost 30 years ago, two graduate students at Stanford University — Larry Page and Sergey Brin — began working on a research project they called Backrub. That, of course, was the project that resulted in Google. But also something more: it created the business model for the web. The deal that Google made with content creators was simple: let us copy your content for search, and we'll send you traffic.

How hacktivist cyber operations surged amid Israeli-Iranian conflict

In June 2025, Israel carried out airstrikes against key Iranian military and nuclear facilities. Iran swiftly retaliated, escalating regional tensions to unprecedented levels. This military confrontation has not only unfolded in conventional warfare but also triggered a massive surge in cyber operations. Almost immediately after the kinetic attacks, numerous hacktivist groups began launching cyberattacks primarily targeting Israel and its international allies.

CVE-2024-58248: Race condition vulnerability leaves nopCommerce at risk of single-packet attacks

I recently discovered an interesting race condition vulnerability in the eCommerce software nopCommerce, during a manual pen test as part of the SWAT service (SWAT is Outpost24’s Pen Testing as a Service solution). This vulnerability (CVE-2024-58248) involves nopCommerce, an open-source eCommerce platform written in C#, which aids developers in building online stores. When exploited, it allows an attacker user to redeem a gift card multiple times by using a technique called a single-packet attack.