dMSAs Are the New AD Privilege Escalation Target - Here's What You Need to Know

Windows Server 2025 introduced delegated managed service accounts (dMSAs) to improve security by linking service authentication to device identities. But attackers have already found a way to twist this new feature into a dangerous privilege escalation technique. The BadSuccessor attack lets adversaries impersonate any user — even domain admins — without triggering traditional alerts. Here’s how it works, why it’s so stealthy, and what you can do to stay ahead of it.

CrowdStrike Detects and Blocks Widespread SharePoint Zero-Day Exploitation

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

Retail Under Siege: Understanding and Combating Modern Cyber Threats

In the ever-evolving world of retail, cyber threats are no longer a distant concern; they’re a daily reality. Over the past year, around 612,000 UK businesses reported experiencing a cyber breach or attack. Phishing remains the most common and disruptive method, targeting 85% of those affected. The retail sector, in particular, sits on a goldmine of customer data: credit card details, email addresses, and purchase histories, all of which are highly attractive to cybercriminals.

Outdated Systems and Modern Attacks: Ireland's Cyber Reckoning Has Arrived

Cybercriminals don’t need to be sophisticated. They just need the opportunity—and in Ireland, there’s still too much low-hanging fruit. Many of the vulnerabilities being exploited across Irish networks today aren’t new. They’re years old. Attackers are taking advantage of outdated systems that haven’t been patched, relying on free, off-the-shelf tools to scan for weaknesses—and finding them far too easily. This isn’t a theoretical risk.

Why Security Teams Must Rethink Incident Response for Identity Attacks

Blocking a CEO's account to stop an anomaly? It might stop your business too. When implementing Identity Threat Detection and Response (ITDR), security teams must balance robust protection and business continuity. In this clip, our expert explains why blindly blocking access can cause more damage and how identity-proofing methods, like 2FA and push notifications, offer a smarter approach. Rethink your strategy to keep security seamless.

Cato CTRL Threat Actor Profile: IntelBroker

In June 2025, FBI New York and the U.S. Attorney’s Office for the Southern District of New York announced charges against “IntelBroker,” the online persona of 25-year-old British national Kai Logan West. IntelBroker operated one of the most sophisticated data brokerage operations documented in the recent history of cybercrime.

Engineered To Evade: How Phishing Attacks Are Designed To Get Through Your Secure Email Gateway

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Digital Factories, Digital Dangers: Why Manufacturing is a Prime Target for Cyberattacks

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

Hyper-volumetric DDoS attacks skyrocket: Cloudflare's 2025 Q2 DDoS threat report

Welcome to the 22nd edition of the Cloudflare DDoS Threat Report. Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the second quarter of 2025. June was the busiest month for DDoS attacks in 2025 Q2, accounting for nearly 38% of all observed activity.