Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Corelight Agentic Triage demo

Corelight is excited to introduce Agentic Triage! In this demo, you can see how Agentic Triage helps SOC analysts filter through alerts and respond quickly to active threats. We combine generative AI with our industry-leading log framework to identify the detections and cases that truly matter. This video shows how you can use Agentic Triage to quickly perform deep dives into open detections and make confident decisions to secure your network.

Corelight Agentic Triage overview

Corelight is excited to introduce Agentic Triage! In this demo, you can see how Agentic Triage helps SOC analysts filter through alerts and respond quickly to active threats. We combine generative AI with our industry-leading log framework to identify the detections and cases that truly matter. This video shows how you can use Agentic Triage to quickly perform deep dives into open detections and make confident decisions to secure your network.

NICKEL ALLEY strategy: Fake it 'til you make it

Counter Threat Unit (CTU) researchers continue to investigate trends in Contagious Interview campaign activity conducted by NICKEL ALLEY, a threat group operating on behalf of the North Korean government. The group notoriously targets professionals in the technology sector by advertising fake job opportunities, deceiving prospective candidates through a fake job interview process, and ultimately delivering malware.

Oracle vulnerability (CVE-2026-21992) impacts core products

On March 20, 2026, Oracle disclosed a critical (CVSS score of 9.8) vulnerability (CVE-2026-21992) impacting two Oracle Fusion Middleware components: Oracle Identity Manager and Oracle Web Services Manager. An unauthenticated attacker could exploit the vulnerability to obtain network access via HTTP and remotely execute code. Critical functions of the products are exposed due to the lack of network-level authentication. As of this publication, there are no reports of active exploitation.

The global CISO landscape: A leadership gap too large to ignore

Why the world needs scalable security leadership — and MSPs and MSSPs are key to delivery. The 2026 CISO Report, published by Cybersecurity Ventures in partnership with Sophos, highlights a critical imbalance in global cybersecurity leadership. Despite decades of progress and near-universal CISO adoption in Fortune 500 and Global 2000 organizations, there are still only 35,000 CISOs worldwide serving an estimated 359 million businesses.

Fueling Cisco XDR with Corelight high-fidelity network evidence

From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR.

From alerts to entities: Transforming the SOC with Corelight Agentic Triage

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.

Proactive Threat Detection: Securing Business Data Before It Becomes a Business Risk

Cybersecurity is no longer something businesses can afford to think about later. Most companies only realize the importance of strong protection after an issue disrupts operations, whether it is lost data, system downtime, or a security breach that affects clients. By then, the damage has already been done.

Managing Persistent Exposure: Why APT Defence Requires a Strategic Shift

Most organisations are well-equipped to respond to visible cyber incidents such as ransomware attacks, service outages, alert surges, or public disclosures. These events trigger established response processes: there is a clear catalyst, an observable impact, and a defined operational playbook.

Most Active Threat Actors by Industry: Who Is Targeting Your Sector Right Now?

Cyber threats are escalating rapidly, with ransomware groups multiplying and attacks becoming faster and more targeted than ever. This blog profiles four of the most active threat actors currently targeting key industries: IntelBroker, APT44 (Sandworm), Volt Typhoon, and APT45. From financially motivated cybercrime to state-sponsored espionage and infrastructure disruption, each group presents unique risks across sectors including technology, energy, government, and finance.