Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Securing the agentic future: Where MCP fits and where it doesn't

AI agents are rapidly transforming how software is accessed, operated, and integrated: they automate workflows, call APIs, and interact with tools and SaaS platforms on behalf of users. This paradigm unlocks powerful new capabilities, but it also raises urgent questions about how sensitive data, especially credentials and secrets, should be managed.

Now on AWS Marketplace: MCP Server for Trelica by 1Password

SaaS sprawl and shadow IT create significant security vulnerabilities, exposing organizations to unmanaged apps, unauthorized access, and compliance risks. It’s simply not enough to secure access to the applications you’re actively managing. You also need to secure everything else. That’s one of the reasons we acquired Trelica earlier this year. Organizations must be capable of identifying and managing applications that are used outside of IT and security’s purview.

Engineered To Evade: How Phishing Attacks Are Designed To Get Through Your Secure Email Gateway

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Digital Factories, Digital Dangers: Why Manufacturing is a Prime Target for Cyberattacks

Digital connectivity is reshaping European manufacturing, driving both efficiency and innovation. However, this shift has also created a complex and vulnerable cyber threat landscape, making manufacturing the most targeted industry for cyberattacks for the past four years. Connected systems and legacy infrastructure are colliding, expanding the attack surface and exposing manufacturers to increased risks.

New FileFix Delivery Method Used to Distribute Interlock RAT

Since at least February 2025, Arctic Wolf has observed Interlock Remote Access Trojan (RAT) being deployed via social engineering techniques. Recently, The DFIR Report published a technical analysis of the Interlock RAT being delivered via a social engineering technique dubbed “FileFix.” The name FileFix is derived from its similarity to the previously documented ClickFix technique using fake CAPTCHA pages.

Arctic Wolf Observes Microsoft Direct Send Abuse

Arctic Wolf has recently observed a widespread phishing campaign targeting multiple organizations by abusing Microsoft 365’s Direct Send feature—a feature designed for internal email delivery without requiring authentication. Threat actors can identify valid domains and recipients, then send spoofed emails that appear to originate from internal domains—often impersonating the user themself—without needing credentials or access to the tenant.

Enhance your cloud security visibility with the updated AWS CloudTrail app

For organizations operating in the cloud, visibility is everything. You need a reliable source of truth to answer “who did what, when, and where,” whether you’re investigating a security incident, chasing compliance goals, or monitoring operational activity. Enter the Sumo Logic CloudTrail App, your go-to solution for transforming raw AWS CloudTrail logs into meaningful, actionable insights.

So you're buying your first SIEM... here's how not to suck at it

Welcome to the chaos. You’ve been told you need a SIEM. Maybe it was your CISO. Maybe it was your auditor. Maybe your SOC is tired of stitching together logs with duct tape and Python scripts. Doesn’t matter — you’re now on the SIEM buying journey. Congratulations… and condolences. Let’s walk through how to actually buy your first SIEM without lighting your budget (and your team’s morale) on fire.