Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Effective threat hunting requires both comprehensive visibility and quick, data-driven insights. Olly, the AI-powered observability teammate within Coralogix, provides just that. Whether you’re tracking lateral movement, uncovering stealthy persistence, or correlating spikes in anomalous activity, Olly rapidly pinpoints the evidence and presents it in context so you can confirm or dismiss threats before they escalate.

Application Security, WAF, and OWASP form an interconnected defense strategy for web applications. OWASP (Open Web Application Security Project) provides the framework for identifying critical vulnerabilities through resources like the OWASP Top 10, while WAFs act as the protective layer that detects and blocks attacks targeting these vulnerabilities in real-time.

If you attended AWS re:Invent last year, it probably felt like there was an AI solution for everything. Models, copilots, agents; by the end, someone had to pitch an AI solution to summarize all of the other AI solutions. This year, it may still feel like the AI announcements multiply faster than the models themselves. Under all of the hype, one message still resonates: AI innovation only works when it’s built on a secure foundation.

Traditional SIEMs were built for a simpler time, when infrastructure was static, data was structured, and threats were easier to spot. Designed to collect logs and centralize alerts, they gave organizations a single pane of glass into their environment. Visibility isn’t enough anymore.

Coralogix is excited to announce a major enhancement to our Unified Threat Intelligence (UTI) capabilities – now with expanded IOC matching beyond IPs. While our earlier focus was primarily on detecting malicious IP addresses, threats have evolved. Attackers now hide behind encrypted traffic, disposable domains, and polymorphic files. To stay ahead, we’ve normalized new critical fields – JA3, JA4, domain, URL, and file hash and integrated them into our UTI engine.

A newly identified strain of commodity ransomware named Mamona has emerged in the cybercriminal underground. This threat diverges from typical ransomware-as-a-service (RaaS) models by functioning entirely offline, relying on custom-built cryptographic routines and deploying no external command-and-control (C2) infrastructure.

On March 14, 2025, a critical supply chain attack targeted the widely used GitHub Action tj-actions/changed-files. This action, utilized in over 23,000 repositories, was compromised when attackers injected malicious code, causing CI/CD pipeline secrets to be exposed in GitHub Actions logs. This breach raised serious concerns regarding the security of GitHub Actions and the importance of implementing robust security measures in CI/CD workflows.

As per a recent update from Fortinet, Exploitation of CVE-2024-55591, a recently disclosed authentication bypass vulnerability in FortiOS and FortiProxy, allows remote attackers to achieve super-admin privileges. By sending specially crafted requests to the Node.js WebSocket module, attackers can exploit this zero-day vulnerability to gain unauthorized access.

As the official implementation date approaches for the Digital Operational Resilience Act (DORA) – financial institutions and their information and communication technology (ICT) service providers, across the European Union are gearing up for a significant shift in their operational landscape.

A Software Bill of Materials (SBOM) is essentially an inventory of the components used to build a software artifact, such as an application. While the concept of tracking an application’s components is not new, its importance has grown in recent years due to the rising threat of software supply chain attacks. One significant example is the SolarWinds attack, which highlighted how threat actors are increasingly targeting vulnerabilities in software components during the delivery process.