Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Companies face increasingly complex challenges every day, including cybersecurity threats aimed at disrupting their digital operations. One of the most frequent and damaging is the DDoS attack, which can take websites, applications, and critical services offline. Understanding what is a ddos attack is essential to identify risks, prevent attacks, and protect your organization’s digital infrastructure. In recent years, there have been attacks that marked a turning point in cybersecurity.

Compliance today isn’t just about ticking boxes or avoiding penalties, it’s a direct reflection of your organization’s security maturity. Many modern compliance frameworks now mandate regular testing for network vulnerabilities, which remain one of the leading causes of security breaches. In fact, in 2024, nearly 70% of reported incidents were linked to high-impact vulnerabilities that organizations failed to identify or prioritize.

Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. Here’s how it works, why it’s so stealthy, and what you can do to stay ahead of it.

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

In the ever-evolving world of retail, cyber threats are no longer a distant concern, they’re a daily reality. Over the past year, around 612,000 UK businesses reported experiencing a cyber breach or attack. Phishing remains the most common and disruptive method, targeting 85% of those affected. The retail sector, in particular, sits on a goldmine of customer data, credit card details, email addresses, and purchase histories, all of which are highly attractive to cybercriminals.

Cybercriminals don’t need to be sophisticated. They just need the opportunity—and in Ireland, there’s still too much low-hanging fruit. Many of the vulnerabilities being exploited across Irish networks today aren’t new. They’re years old. Attackers are taking advantage of outdated systems that haven’t been patched, relying on free, off-the-shelf tools to scan for weaknesses—and finding them far too easily. This isn’t a theoretical risk.

In June 2025, FBI New York and the U.S. Attorney’s Office for the Southern District of New York announced charges against “IntelBroker,” the online persona of 25-year-old British national Kai Logan West. IntelBroker operated one of the most sophisticated data brokerage operations documented in the recent history of cybercrime.

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.