Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Static application security testing (SAST) has matured from a gate-at-the-end to a developer-first discipline. Forrester’s Static Application Security Testing (SAST) 2025 landscape report highlights why: attack volume is rising, code is released at least monthly in one in four teams, and AI generated code is flooding pipelines with even more code to secure. The tools that succeed are those that shorten mean time to remediate (MTTR) while fitting the way modern teams build.

In the ever-evolving landscape of technology, the allure of AI tools and agents is undeniable. They promise enhanced productivity, innovative solutions, and a competitive edge. With more tools and platforms available that democratize the usage and creation of AI systems, there is a surge in AI tools that are being built, customized, and deployed for business operations. However, the gold rush for AI comes with significant risks that cannot be ignored.

What is an SPN? Even a Windows Admin with some experience with Active Directory may be unaware of the role that Service Principal Names have in domain environments. A security principal name (SPN) is a unique identifier that links a specific service instance to the account running it, enabling clients to authenticate and connect to the right service within Active Directory (AD).

When I speak to customers across EMEA, one thing is clear: regulations like the EU's Digital Operational Resilience Act (DORA) are becoming very real, very fast. Financial institutions and their service providers are being asked to do more than ever before to demonstrate secure operations, especially when it comes to managing access to infrastructure. That's exactly why we hosted a recent webinar in partnership with Falx. The goal?

During the Netskope Threat Labs hunting activities, we came across a payload that led us to a multi-stage chain involving several custom PowerShell scripts, open source tools (such as Mimikatz and Rubeus), vulnerable drivers being exploited, and red team framework payloads (such as Havoc). After further investigation, we discovered these files were part of the arsenal of what seems to be an operator of a ransomware named “DOGE Big Balls,” a variant of the Fog ransomware.

Phishing was the initial access vector in 50% of attacks during the first quarter of 2025, according to a new report from Cisco Talos. “Threat actors used phishing to achieve initial access in 50 percent of engagements, a notable increase from less than 10 percent last quarter,” Talos writes.

Researchers at Malwarebytes warn that phishing emails are impersonating the US Social Security Administration (SSA) to trick users into installing the ScreenConnect remote access tool. ScreenConnect is a legitimate tool used for remote IT management, but it can be abused by hackers to take control of victims’ computers.

We know that everyone loves a feel-good, optimistic story, and when we set out to write our annual State of the Underground report — an analysis of nearly 2 billion intelligence items that we collected in 2024, including posts from underground forums and markets, Telegram messages, and news articles — we hoped to find the cyber equivalent of a cup of hot chocolate.

Recently, industry analyst Jon Oltsik outlined a critical shift underway in cybersecurity: the move toward a threat-informed defense. As Oltsik describes, organizations are beginning to strengthen the intersection of vulnerability scanning and threat intelligence, using AI to bolster asset classification and risk scoring. This evolution is essential as enterprises seek to move beyond fragmented security practices and build a more cohesive exposure management strategy.