
The Next-Level Threat: Defending Against BrickStorm and the 393-Day Dwell Time

A new threat campaign, codenamed BrickStorm and attributed to a China-nexus group tracked as UNC5221, has security researchers sounding the alarm. This is a highly sophisticated espionage operation, and its most staggering feature is the adversary’s patience. The astonishing average time they remain inside a victim’s network before being detected is well over a year—393 days to be exact.

The Power of Detection Engineering & Custom Parsers

In the fast-paced world of cybersecurity, detection engineering is a growing discipline that helps organizations stay ahead of threats. But success isn’t just about having the right tools or detection workflows in place—it’s about making sure those tools speak the same language to help you scale your efforts and better understand your overall security posture. This is where parsers play a critical role.

SafeBreach

The Only Exposure Validation Platform with Enterprise Expertise. Get BAS and CART in one platform that is built to exceed enterprise safety requirements and is backed by a world-renowned research team you won’t find anywhere else. SafeBreach Validate: An award-winning BAS tool designed to utilize the TTPs of malicious actors to test the efficacy of deployed security controls against real-world threats to help you.

Lessons from the Dark Web: What Hackers Teach Us about Cyber Resilience

With a background in philosophy, my transition into the world of cybersecurity as a penetration tester sparked a deep curiosity about the inner workings of the prolific cybercrime groups I saw in the news. To better defend against these groups, I needed to understand more about how they worked, specifically how they recruited people, vetted them, and turned their skills into a profitable business model.

Webinar: SafeBreach Validate + Propagate = Better Together

Discover how combining SafeBreach Validate and Propagate empowers security teams to continuously assess and strengthen their defenses. In this session, our experts will show how integrated breach and attack simulation (BAS) with automated attack path validation can help you.

The Cyber Resilience Act and DORA: Driving Continuous Cybersecurity

The EU Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA) are shaping the regulatory landscape for cybersecurity in Europe and across the globe. While DORA focuses on the financial sector and ICT providers, the upcoming CRA will extend requirements to all digital products and services, emphasizing secure-by-design practices and software resilience.

Ep. 7 - You've Just Run a Penetration Test, What's Next Beyond Pen Testing

In this episode, you'll learn: What happens after a traditional penetration test? In this episode, host Tova Dvorin is joined by Adrian Culley, Senior Sales Engineer and EU lead at SafeBreach, to explore the critical evolution from legacy pentesting to continuous, automated red teaming (CART) and breach and attack simulation (BAS).

Scattered Spider: What You Need to Know

Founded around 2022, Scattered Spider is a well-known group of young, English-speaking threat actors believed to be from the US and UK. The group—which has some members as young as 16—first gained global recognition in September 2023 when they successfully hacked the internal systems of both Caesars Entertainment and MGM Resorts, obtaining sensitive data they used to extort the casinos.

SafeBreach Coverage for CISA Analysis Report AR25-261A: Malicious Listener for Ivanti Endpoint Mobile Management Systems

On September 18, 2025, an Analysis Report was issued by CISA that details information about two sets of malware it obtained from an organization that was compromised during May 2025. To gain initial access, the threat actors chained together known vulnerabilities outlined in CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM) before deploying the malware, which allowed them to achieve remote code execution (RCE).

Proving DORA Requirements with the SafeBreach Platform

Complying with the Digital Operational Resilience Act (DORA) means proving that resilience is built into daily operations through ongoing, evidence-backed practices. SafeBreach, the leader in enterprise exposure validation, helps institutions meet DORA’s key requirements by simulating real-world threats across the MITRE ATT&CK framework.