
CoPilotLeaks: A Look at the Threat Actor's TTPs, History and More

CopilotLeaks is a criminal threat actor group known for its data breaches and leaks targeting various sectors in Bolivia and Paraguay. The group operates under multiple aliases, including Megumi, vulnerandolo, and Johan_Liebheart. Their primary motivation is personal gain, and they are characterized as having an intermediate level of sophistication.

Is CTEM a framework or a solution?

CTEM, introduced by Gartner, was designed to address a critical gap in traditional vulnerability management: the broken flow between detection and remediation. While reports and alerts pile up, exposures often remain unresolved, leaving organizations at risk. CTEM organizes this process into five stages—Scoping, Discovery, Prioritization, Validation, and Mobilization—bringing structure to chaos. Technically, it’s a framework because Gartner never mandated a single solution to deliver all stages. Most vendors only cover one or two.

Attack Surface Management vs. Exposure Management: What Wins?

When Attack Surface Management (ASM) stops at discovery, teams drown in alerts, CVE lists, and noise. What’s exposed isn’t the same as what’s actively being weaponized—and without prioritization or built-in remediation, risk piles up fast. Exposure Management (EM) closes that gap. It merges threat intelligence, vulnerability context, and safe-by-design remediation into one continuous loop. Instead of “scan → report → wait,” EM delivers.

Payroll Pirates: The Widespread Malvertising Network

Since at least May 2023, a financially motivated cyber-crime network has been operating a phishing campaign that primarily abuses Google Ads, and occasionally Microsoft Ads, to drive traffic to credential-harvesting websites. This campaign – part of which was named “Payroll Pirates” by SilentPush – has remained active, with periodic updates to tactics and target rotations.

The Weak Link: Recent Supply Chain Attacks Examined

Originally published: April 2023. Updated: September 2025.

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.

Meet Scattered Spider: The Group Currently Scattering UK Retail Organizations

First published: May 8th 2025. Updated: Sept 16th 2025.

Editor’s Note: This blog builds on our recent analysis of the DragonForce ransomware cartel, which claimed responsibility for a wave of UK retail attacks in April–May 2025. While DragonForce took credit for the extortion and data leak phase, growing evidence suggests that another group—Scattered Spider—may have played a foundational role in enabling those attacks.

The Great NPM Heist - September 2025

On September 8, 2025, the JavaScript ecosystem experienced what is now considered the largest supply chain attack in npm history. A sophisticated phishing campaign led to the compromise of a trusted maintainer’s account, resulting in the injection of cryptocurrency-stealing malware into 18+ foundational npm packages. These packages collectively accounted for over 2 billion weekly downloads, affecting millions of applications globally—from personal projects to enterprise-grade systems.