Author: Staff Writer

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Essential Insights
Target Expansion: The cyber-threat group Scattered Spider is now focusing on managed service providers and IT vendors to infiltrate their customers, expanding their attack vectors beyond direct retail brand hacks.
Social Engineering Tactics: They employ sophisticated social engineering techniques, impersonating high-ranking employees to manipulate help desk staff into granting unauthorized access and resetting credentials.
Domain Impersonation: A significant 81% of the domains associated with Scattered Spider impersonate technology vendors, with 70% of their targets in technology, finance, and retail sectors.
Ongoing Investigations: Notable incidents, such as the hacks against Marks & Spencer, are under investigation to determine if…

Swimlane, AI hyperautomation for the entire security organization, announced a $45 million growth funding round led by Energy Impact Partners and Activate Capital, along with Trinity Capital. The company is on track to achieve profitability in Q3-2025, driven by sustained revenue growth, improved operating efficiency, and disciplined cost management. New investment will be applied to product innovation and global channel expansion, helping further cement Swimlane as the most powerful and widely adopted enterprise AI security automation platform. “Swimlane is achieving what no other stand-alone…

Google has fixed a security vulnerability in its page for recovering account details that allowed anyone to access the page and brute-force the private phone number of any user. The flaw posed a significant risk to Google users by exposing them to risk of phishing and other attacks. A security researcher who goes by the online name of Brutecat detailed on their website how the page for recovering one’s password worked without JavaScript. This meant that it also lacked protection from BotGuard, a cloud-based cybersecurity offering designed to protect websites and Web applications from malicious bots, automated attacks, crawlers, and scrapers. “This…

Fast Facts
APT Group Activity: The ‘Stealth Falcon’ hacking group has been exploiting a Windows WebDAV RCE vulnerability (CVE-2025-33053) in zero-day attacks targeting defense and government sectors in Turkey, Qatar, Egypt, and Yemen since March 2025.
Vulnerability Exploitation: The flaw involves malicious .url files manipulating the working directory, allowing attackers to execute code from their WebDAV servers without local file installation, enhancing stealth and evasion.
Attack Methodology: The attacks utilize deceptive phishing emails containing .url files that trigger legitimate Windows tools (like iediagcmd.exe) to run malicious code from remote servers, leading to the installation of sophisticated malware like the ‘Horus…

Three-quarters of scam victims report serious emotional consequences, and nearly half struggle with mental health effects like anxiety, depression and lost trust
Malwarebytes, a global leader in real-time cyber protection, released new research that reveals that in 2025, mobile scams are no longer the exception; they are the rule. In “Tap, Swipe, Scam: How everyday mobile habits carry real risk”, 1,300 mobile users across the globe detail a world where nearly half of them face mobile scams daily, emotional fallout is the new norm, and even younger generations are overwhelmed and unprotected. The findings signal a critical need for new…

Fast Facts
Align Metrics with Business Goals: SOC leaders should prioritize security metrics that directly correlate with organizational objectives to effectively demonstrate SOC value to executives.
Multitier Metrics Approach: Utilize a multitier metrics framework—first-tier business objectives, second-tier outcome-driven metrics, and operational metrics—to ensure executives understand the impact of security operations.
Focus on Business Relevance: Present security metrics in terms of financial impact, risk management, and operational efficiency to engage executives and support informed investment decisions.
Utilize Clear Communication: Use simple visuals and clear narratives when presenting data trends to make complex security metrics more digestible for non-technical executives, emphasizing the…

New investment from Metropolitan Partners Group positions Nexus IT to lead a values-aligned M&A model reshaping the managed services landscape.
Nexus IT, a nationally recognized Managed Services and Cybersecurity provider, in partnership with Diatonic Healthcare, announced a $60 million capital commitment from Metropolitan Partners Group. The investment will accelerate Nexus IT’s nationwide growth strategy, fueling its acquisition of culturally aligned managed service providers (MSPs) that share its vision of exceptional client service and operational excellence—specifically in highly regulated industries such as healthcare, finance, and legal. This capital commitment marks a pivotal milestone in Nexus IT’s journey to build a next-generation M&A platform—one that stands apart from conventional investor rollups. Rather than pursuing scale at all costs, Nexus IT is expanding through a founder-led, mission-aligned approach focused on…

Quick Takeaways
AI Integration: AI is set to significantly transform Security Operations Centers (SOCs) by automating repetitive tasks, but human oversight remains essential for managing cybersecurity incidents and understanding unique network configurations.
Task Automation Limitations: While AI can assist with complex search queries and incident summaries, reliance on AI for crucial tasks like patching legacy systems or strategic risk analysis poses risks due to its current limitations in replicating human judgment and expert knowledge.
Workforce Enhancement: Experts stress that AI should be viewed as a tool to enhance SOC analysts’ skills rather than a replacement; organizations risk underdeveloping staff if…

Top Highlights
Operation Secure, led by Interpol from January to April 2025, disrupted infostealer malware networks across 26 countries, resulting in 32 arrests, the seizure of 41 servers, and the takedown of over 20,000 malicious IPs/domains.
The operation targeted infostealers that steal sensitive financial and personal data, including account credentials and cryptocurrency information, selling this data on cybercrime markets or using it for targeted attacks.
Significant outcomes included the notification of 216,000 victims and the identification of a large cluster of 117 servers in Hong Kong serving as command-and-control infrastructure for various cyber scams.
Collaborating with private cybersecurity partners like…

Under new agreement, Cloudinary will power Akamai Video Manager and join Akamai’s Qualified Compute Partner Program
Akamai Technologies, the cybersecurity and cloud computing company that powers and protects business online, announced a strategic partnership with Cloudinary under which its next-generation Video Manager solution will be powered by Cloudinary. The new alliance brings Cloudinary’s AI-powered video solution to Akamai Video Manager customers to make video management and delivery easier by alleviating common video challenges, including performance optimization and time-intensive post-production work. Together they will address the growing demand for and need to deliver exceptional video experiences, for every user, on any device and channel.…
