Discover how the Palo Alto Networks breach, linked to the Salesloft Drift supply-chain attack, exposed the risks of OAuth token misuse. This blog unpacks the attack process, what went wrong, industry breach statistics, and practical steps organizations can take to strengthen SaaS and supply-chain security.

ShadowCaptcha is a new campaign exploiting vulnerable WordPress sites to spread ransomware, info-stealers, and crypto miners. By luring victims with fake CAPTCHA pages, it combines technical exploits with social engineering to bypass defenses and cause severe damage.

Cybercrime is shifting from noisy botnets to stealthy, profit-driven campaigns exploiting internet-facing services (e.g., GeoServer, Redis) and IoT devices. Advanced threats like PolarEdge’s ORB botnets and Gayfemboy malware focus on persistence, covert operations, and monetization (cryptojacking, DDoS). Organizations must adopt proactive patching, anomaly detection, segmentation, and stronger security awareness to stay resilient.

Akira ransomware is exploiting a likely zero-day in SonicWall SSL VPNs, breaching even fully patched systems and moving from access to encryption within hours. The attacks highlight that patching alone isn’t enough—organizations need layered defenses, MFA, active VPN monitoring, and network segmentation. Cybersecurity must be continuous, as attackers adapt and remote access systems remain prime targets.

The arrests of Scattered Spider members have slowed attacks, but copycats still exploit phishing, MFA bypass, and SIM swaps to target organizations. This pause offers security teams a chance to strengthen defenses through updated incident response, tighter access controls, hypervisor monitoring, and employee training. Lasting resilience requires layered defenses that blend technology, processes, people, and continuous threat intelligence.

A critical RCE flaw in Microsoft SharePoint (CVE-2025-53770) is being actively exploited, with attackers chaining it to bypass MFA and gain persistent access. Given SharePoint’s deep integration with Microsoft 365, the risk of lateral compromise is severe. Organizations must patch immediately and adopt layered defenses including identity monitoring, EDR, and incident readiness to stay protected.

Is your business still relying on traditional backups to safeguard against ransomware? Our latest blog, “Beyond Backup: Why Cyber Resilience Demands a Rethink in the Age of Ransomware,” highlights why backups alone aren’t enough in today’s threat landscape. Modern ransomware doesn’t just target your data—it targets your ability to recover. From immutable backups and automated recovery testing to orchestrated recovery playbooks, building true cyber resilience requires a shift in strategy.

XORIndex Malware: North Korean Hackers Target npm Registry in Ongoing Supply Chain Attack The open-source community faces a growing challenge: supply chain attacks are no longer rare events but persistent threats. Our latest blog unpacks how North Korean threat actors are exploiting the npm registry with a new malware loader, XORIndex, as part of their broader Contagious Interview campaign. This attack highlights how software dependencies—trusted by developers worldwide—can become backdoors for sophisticated adversaries. The evolving tactics underscore why securing the supply chain is no longer optional.

600+ Laravel Applications Vulnerable to Remote Code Execution Due to Leaked APP_KEYs on GitHub In today’s fast-moving development pipelines, even one leaked secret can turn a secure application into a breach waiting to happen. Security researchers recently uncovered a critical threat: over 600 Laravel applications are exposed to Remote Code Execution (RCE) attacks after sensitive APP_KEYs were found publicly leaked on GitHub. This key isn’t just a string—it’s a gateway into encrypted sessions, authentication flows, and sensitive application data. The incident serves as a stark reminder of the importance of robust secrets management and secure development practices.