Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With evolving cyber threats and rapidly advancing technologies, today’s SMBs have no choice but to modernize their networks to stay secure, efficient, and competitive. WatchGuard is ready to support them with the launch of the next-gen Firebox Tabletop Series: Future-ready firewalls built for how businesses operate now and where they’re headed next.

The BlueVoyant Security Operations Center (SOC) recently responded to a client’s user accessing a potentially malicious link that further research identified as part of a recent, robust campaign aimed at stealing Twilio SendGrid credentials. The attack was investigated by BlueVoyant’s Threat Fusion Cell (TFC) to understand how it can bypass email filters, and how it likely targeted IT departments.

The companies winning with AI aren’t just deploying agents faster - they’re operationalizing them responsibly. They realize AI agents are creating a new, dynamic attack surface that traditional tools were never designed to handle. These agents span the entire enterprise ecosystem. Microsoft 365 Copilot, Copilot Studio, and Salesforce Agentforce are SaaS‑managed agents. GitHub Copilot, Cursor, and Claude desktop run directly on user devices as device‑based agents.

AI is no longer a futuristic concept – It has now become the core of how modern businesses are operating. Starting from chatbots to analytics, generative content to automation, AI is across every sector of business. As AI usage increases, the risks and regulation are also increasing.

Our threat-hunting team just uncovered a mass-produced remote DNS-manipulation campaign that hijacked an entire nameserver (NS) delegation belonging to a Fortune 500 company. Within hours, the attacker used that foothold to create over 9,500 brand-new subdomains, all resolving to the same criminal infrastructure serving illicit gambling pages.

The cybersecurity industry is intensely competitive. Thousands of vendors are locked in a daily battle for market share, deploying technologies that can become outdated almost as quickly as they’re released. But unlike most industries, we’re not just competing with each other. We’re also up against a shared adversary. So, here’s the uncomfortable question: if our real fight is against attackers, why aren’t we doing more to work together?

This blog is the latest in a series that delves into the deep research conducted daily by the Trustwave SpiderLabs Threat Operations team on major threat actor groups currently operating globally. The Silver Fox threat actor group, also associated with attacks attributed to Void Arachne and Great Thief of the Valley, is a relatively new, most likely China-based threat group that has emerged as a significant player in advanced persistent threat (APT) campaigns.

AWS DocumentDB by default is securely isolated within a VPC, unreachable from the public internet, what could be more secure? This security architecture can create unexpected challenges and complexity. The root cause? The very VPC isolation designed to protect DocumentDB can introduce a complex web of networking requirements, operational considerations, and architectural decisions that require careful management to maintain security.

A phishing campaign is targeting Instagram users with phony notifications about failed login attempts, according to researchers at Malwarebytes. Notably, the emails contain "mailto" links rather than traditional URLs, which help the phishing messages avoid being flagged by security filters. "Instead of linking to a phishing website, which is most common with emails like this, both the ‘Report this user’ and ‘Remove your email address’ links are mailto links," the researchers write.

ClickFix attacks have been around for decades; only the name is new. ClickFix attacks use social engineering to trick users into clicking on buttons and links that the user is told are needed so their browser or computer can perform some desired action.