Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cato CTRL researchers recently identified an undocumented, active phishing campaign targeting Brazilian organizations with fake business-document lures, downloading a NinjaOne Remote Monitoring and Management (RMM) agent. The use of NinjaOne is particularly significant, underscoring how attackers no longer need exotic malware to penetrate an enterprise. Familiar business workflows and software is enough.

In large enterprises, the hardest security decisions are rarely made in the SOC. They are made in board meetings, budget reviews, audit discussions, customer escalations. The most dire are often represented in the moments when leaders have to decide what matters now, what can wait, and what risk the business is actually taking on. The real GRC problem is no longer how to manage more work. It is how to help the business make better decisions with higher confidence. CISOs do not need another workflow.

Analysts summarized by the PCI Security Standards Council found that breaches in scope for PCI frequently involved card data. Teams already know the risk. The hard part is proving, month after month, that the controls around that data stayed in place and kept working. That is why many PCI DSS audits stall in the same places: scattered evidence, undocumented scope changes, firewall rules that drifted after a change window, and logs that exist but were never centralized.

Most Drupal security strategies focus on protecting user accounts before login. Organizations invest in strong passwords, multi-factor authentication (MFA), and Single Sign-On (SSO) to prevent unauthorized access. While these controls are important, security risks do not disappear once a user successfully authenticates. Users may remain logged in for extended periods, share credentials with others, access accounts from multiple devices simultaneously, or leave active sessions unattended.

In VMware environments, replication can be implemented using one of two modes for handling I/O changes: snapshots or journaling. Each approach has advantages and disadvantages. The key differences lie in how they manage data consistency, change tracking and recovery.

For most of the Internet’s history, public and private infrastructure operated as separate worlds. Public applications lived behind content delivery networks (CDNs) and web application firewalls (WAFs). Private applications lived behind virtual private networks (VPNs), firewalls, and separate operational stacks. We think that distinction is becoming obsolete.

Anthropic recently announced the release of Claude Fable 5, a public version of its more powerful Mythos AI model. Technology that was previously only accessible to a select few organizations is now available to businesses at an enterprise level. AI vendors are building the guardrails while threat actors are studying their attack vectors. Essentially, we are giving the keys to the AI world to businesses and hoping the guardrails hold steady. Security teams need to prepare even faster now.

Third-party assessments often succeed at one thing: surfacing where a vendor falls short. But the process that follows can be difficult to scale across a growing vendor ecosystem.

There is a saying you will hear from veterans in the Black Hat Network Operations Center (NOC): “Threat hunting on the Black Hat network is like trying to find a needle in a stack of needles." With dozens of training classes running live exploit chains, capture-the-flag traffic, and researchers probing every corner of the internet, our Corelight sensors generate a rich set of Zeek logs, many of which can look suspicious in varying degrees.

This post is based on Mackenzie's conversation with James Hawkins on The Secure Disclosure podcast. Listen to the full episode or watch below. PostHog's engineering team is merging roughly as many pull requests through Slack as through their code editor. As James Hawkins, co-founder and co-CEO of PostHog, explains on the podcast, the shift towards dispersed coding interfaces is underway. "Why are code editors all desktop apps right now? That's a relic of the past.