Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to researchers at ANYRUN. The phishing attacks are delivered via email and primarily attempt to steal Microsoft 365 credentials. Like many popular commodity phishing kits, Salty 2FA is designed to bypass a variety of multifactor authentication measures.

ReliaQuest has published a report on the cybercriminal recruitment ecosystem, finding that fluent English speakers with social engineering skills are highly sought-after. “Among the most in-demand skills is English-speaking social engineering, with job posts more than doubling from 2024 to 2025,” the researchers write.

This is a follow up to the blog Cybersecurity as a Business Enabler about the shifting cybersecurity from a cost center to a value driver. If you are a C-level executive looking to transform how your organization approaches cybersecurity, here is how to shift the mindset from viewing security as just another cost center to recognizing it as a true value driver.

In August 2025, a joint Cybersecurity Advisory (CSA) was issued by CISA, NSA, FBI, and allied cybersecurity agencies across the Five Eyes, EU, and partner nations. This advisory details a long-term espionage campaign by People’s Republic of China (PRC) state-sponsored actors—linked to companies supporting the Ministry of State Security (MSS) and People’s Liberation Army (PLA).

A new cybersecurity reality has taken shape across Europe: the European Union’s updated Network and Information Security Directive (also known as NIS2) went into effect in January 2025. This sweeping regulation expands the cybersecurity obligations of thousands of organizations in critical sectors from energy and transport to healthcare, finance, cloud and data centers. Much like the Digital Operational Resilience Act (DORA) in the financial world, NIS2 isn’t just another compliance checkbox.

In our increasingly interconnected world, mobile applications have become indispensable tools for accessing a vast array of services and sensitive data. This post provides an in-depth exploration of mobile application authentication, grounded in the OWASP Mobile Application Security Verification Standard (MASVS), with a particular focus on MASVS-AUTH.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! I’m sure I’ve seen that Joker SDK mentioned before. No doubt under a new means of evasion.

In recent months, Trustwave SpiderLabs, A LevelBlue Company, saw a significant increase in phishing URLs containing familiar patterns, similar phishing templates, and a resurgence in the use of email marketing platforms. The use of URL redirectors, along with the abuse of Amazon Web Hosting and Cloudflare services, was also widely observed. Trustwave operates a URL-scanning system that we call PageML.

Any tool that is crucial for your daily operations – from Microsoft Teams or emails to OneDrive files – needs backup and reliable restore strategies. This way, you support the business continuity, compliance efforts, credibility, and overall security stance of your business. Keep in mind – without a well-thought-out backup strategy, you are risking being exposed to: Let’s take a closer look at aspects affecting your Microsoft 365 data.

You’ve built an amazing app. You upload it. A user downloads it. But instead of launching, their system throws a terrifying warning. “The publisher of this app could not be verified.” Trust destroyed. Install abandoned. Reputation at risk. That’s where code signing tools come in and why you can’t afford to skip them.