New WatchGuard Endpoint Security: Cut the Noise, See the Attack, Act Faster

We’re excited to deliver innovative improvements across the WatchGuard Endpoint Security portfolio, now available to customers and partners. Security teams face two realities at once: stealthier threats and noisier operations. This update focuses on outcomes: stronger prevention against fileless and living-off-the-land attacks, and faster, clearer investigations that reduce alert fatigue and mean time to respond (MTTR).

Identity Security: A Wake-Up Call for Organizations

Digital identities are under siege. The latest Osterman Research white paper highlights a sobering discrepancy between maturity and reality. The study surveyed 126 US-based professionals responsible for identity security across organizations with more than 500 employees. The findings reveal a growing gap between perceived maturity and actual readiness to combat identity-led threats.

Agentic AI and the Future of Cybersecurity: A Field CTO's Perspective

When I talk to customers about AI these days, I usually get two very different reactions. Some lean forward, excited about the promise: fewer alerts, faster response, maybe even lights-out SOC operations someday. Others lean back, uneasy about the risks: does this mean attackers will be able to run thousands of hacks at once, automatically? The truth is, both reactions are justified. We are at the start of a shift toward agentic AI. This is not the same as today’s AI copilots that wait for prompts.

FireCloud Total Access: Secure Every User, Connection & Workplace Everywhere

With hybrid work, cloud applications, and distributed teams now the standard, organizations face a critical challenge: how to deliver secure, seamless access to both cloud-hosted and private applications without relying on outdated remote user VPNs or complex hardware.

Is your hybrid work as protected as you think?

The hybrid working model has blurred the traditional boundaries of corporate networks. With users accessing critical resources from remote locations, unmanaged networks and personal devices, attack surfaces have increased exponentially. This demands a cutting-edge, comprehensive and adaptive approach to security. A recent example from January 2025 makes this clear: a vulnerability in SimpleHelp, a remote access tool, let attackers compromise corporate endpoints and move laterally across the network.

No More Ransom: Why the UK's Crackdown Signals the End of Paying Hackers

For years, ransomware gangs have thrived by holding businesses hostage, forcing a terrible choice: pay up or watch your systems collapse. That era is ending. After a summer of cyber chaos that hit everything from the NHS to Harrods, the UK government has drawn a red line: no more quiet payoffs, no more sweeping attacks under the rug.

What does your firewall see that your EDR doesn't? Lessons from recent cyberattacks

The APT group known as Librarian Ghouls has managed to infiltrate the networks of technical universities and industrial companies in Russia, Belarus, and Kazakhstan without arousing suspicion. How did the gang get inside? By using legitimate logins and moving laterally through internal networks, relying on legitimate access credentials without generating alerts.

Ransomware Techniques Are Changing. Are MSPs Ready for This Shift?

Ransomware is evolving ‒ not fading. Despite a decline in attack detections based on WatchGuard Firebox telemetry, data from extortion sites and media reporting tells a different story: ransomware activity is actually on the rise, both quarter-over-quarter and year-over-year. The number of active ransomware groups is also increasing, as is the average ransom demand. In fact, the typical payout jumped from $400,000 in 2023 to $2 million in 2024 ‒ a staggering 500% spike.