Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In our recent article on Continuous Threat Exposure Management (CTEM), we highlighted how exposure assessment platforms (EAPs) like Nucleus can support several critical phases of the CTEM framework. In that article, we intentionally separated the scoping step from the other technology-dependent CTEM stages. Scoping begins as a business- and process-driven exercise. However, doing scoping well and at scale relies more on having the right technology.

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread rapidly across various platforms. However, this same virality and cultural resonance make memes an attractive vector for cybercriminals and threat actors. Anatomy of a meme Memes are nothing new, and have been around for decades. In fact, a comic published in 1921 followed one of today's most common meme themes: ‘Expectation vs.

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42. Quishing attacks hide phishing URLs within QR codes, allowing them to more easily evade security filters and trick the user into opening the link on their phone.

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA. In an article for TechRadar, Reilly explains that these scams have risen by 400% since 2022, and 50% of freight brokers name it as their top concern. “Here’s how they work: Scammers pose as legitimate freight brokers or create fake transportation companies,” Reilly writes.

‍ On March 14th 2025, we detected a malicious package on npm called node-facebook-messenger-api. At first, it seemed to be pretty run-of-the-mill malware, though we couldn’t tell what the end-goal was. We didn’t think much more of it until April 3rd 2025, when we see the same threat actor expand their attack.

When Broadcom acquired VMware in autumn 2023, IT professionals knew change was on the horizon. However, the latest licensing updates from Broadcom have sparked widespread confusion and frustration among VMware users. Effective April 10, 2025, Broadcom is raising VMware’s minimum core licensing requirements to 72 cores. That means if you plan to place a new VMware order after that date, the minimum order you can place will be 72 cores.

On April 3, 2025, Ivanti disclosed a critical zero-day vulnerability, CVE-2025-22457, affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. This stack-based buffer overflow allows remote unauthenticated threat actors to achieve remote code execution (RCE) and has been exploited in the wild. At the time of writing, exploitation has only been observed in Connect Secure, not Policy Secure or ZTA Gateway.

Security measures aren’t keeping pace with the rate at which new technology is going to market. One of the fastest-growing segments of technology, the Internet of Things (IoT) — which includes webcams, smart thermostats, wearable health trackers, and other smart objects — is capturing the industry’s attention and growing rapidly. By 2030, the number of connected IoT devices is expected to grow to 40 billion.

Being able to find and replace specific text within strings is useful for many tasks, including data processing, automation and file management. For instance, replacing outdated information with current data is important for data standardization. PowerShell offers two primary methods for string replacement: For example, suppose we want to replace the string “Hello” with “Hi.” Here is a script for accomplishing this using the Replace() method.

The Department of Health and Human Services (HHS) will be implementing sweeping and crucial updates to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to enhance the protection of electronic protected health information (ePHI). These changes aim to address modern cybersecurity threats and ensure resilience in healthcare data management. In this blog, we will explore the key updates and their implications for healthcare providers and their business associates.