Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

From hunting threats to solving complex problems to coding on a couch, adventures in the Black Hat NOC (Network Operations Center) are always interesting. Over the last few months and several shows, I’ve had the privilege of working with one of the other NOC partners, Cisco, to design and test our first integration between Corelight Investigator and Cisco XDR.

The cybersecurity landscape has fundamentally shifted in the last several years. Adversaries are no longer just using AI to draft phishing emails; they're deploying autonomous AI agents capable of executing end-to-end attack chains, from initial reconnaissance through lateral movement and data exfiltration. Anthropic's1 analysis of recent incidents indicates a rapid acceleration in attacker adoption of agentic workflows, dramatically shortening the time between initial access and impact.

Cyber threats are escalating rapidly, with ransomware groups multiplying and attacks becoming faster and more targeted than ever. This blog profiles four of the most active threat actors currently targeting key industries: IntelBroker, APT44 (Sandworm), Volt Typhoon, and APT45. From financially motivated cybercrime to state-sponsored espionage and infrastructure disruption, each group presents unique risks across sectors including technology, energy, government, and finance.

When geopolitical tensions rise, cybersecurity quickly becomes part of the public conversation. Government agencies issue warnings. Security teams increase monitoring. Headlines start asking which organizations could become targets if cyber operations escalate alongside physical conflict. But geopolitical conflict does not suddenly create cyber risk. What it does increase is the likelihood that existing weaknesses will be tested and pre-existing risks could be exposed.

Hybrid cloud environments rarely start as a carefully planned architecture. Most organizations reach that point gradually. A few workloads move to the cloud first. Then development teams adopt additional cloud services. Meanwhile, critical systems continue running on-premise because they cannot easily migrate. Over time, the result is an enterprise hybrid cloud environment that spans multiple infrastructure layers. From a business perspective, this flexibility is useful.

Global cyber attacks increased by approximately 38% in 2025, with organisations experiencing an average of over 1,900 attacks per week. To thrive and survive in this dynamic environment, businesses must move beyond mere security and embrace a holistic strategy of cyber resilience.