Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cybersecurity has long focused on fortifying networks, securing endpoints and blocking malicious code. Yet one of the most persistent and costly security vulnerabilities isn’t technical — it’s human. Employees routinely fall for phishing scams, mishandle sensitive data or unintentionally violate security policies. While most people don’t mean to cause harm, their behavior still introduces significant cyber risk to the organization.

Researchers at Bitdefender warn of a wave of social engineering attacks targeting WhatsApp accounts. The attacks begin with automated phone calls that instruct users to add a specific phone number to their WhatsApp contacts. The call then ends abruptly. The scammers are doing this to gather potential targets for future attacks. Most people will ignore the calls, but those who do add the number to their contacts will be more likely to fall for additional social engineering attacks.

Every DevSecOps, cloud security and even AppSec team knows the feeling: scanners flag hundreds – sometimes thousands – of critical issues across your pipelines, environments and apps. But how many of those findings actually matter? How many represent real, immediate risk to applications running in production? The uncomfortable answer? Very few. At ARMO, we’ve seen firsthand how over 60% of security findings are irrelevant hypothetical risks that will never be exploited.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! It will only ever go upwards…

Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. These installers were mainly MSI files that were delivered via phishing websites. Both the phishing pages and installers were in Chinese, indicating that the targets are Chinese speakers.

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now contend with intelligent, adaptive attacks that evolve as fast as the technology they target.

Cybersecurity firm Trellix uncovered a sophisticated spear-phishing operation in late May 2025 that exploited NetBird, a legitimate open-source remote access platform, to infiltrate organizations worldwide.

Implementing a Privileged Access Management (PAM) solution is an important step toward protecting your organization’s most sensitive data and systems. When executed correctly, PAM helps enforce the Principle of Least Privilege (PoLP), reduces your attack surface and gives security teams control over who can access what and when. However, how effective a PAM solution is depends on how it’s implemented.

Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) have become integral to modern SecOps architecture and threat detection capabilities. However, the urgency of the situation is clear—attackers are deploying increasingly sophisticated techniques to bypass threat detection centered on these systems.

Trying to stay ahead in cybersecurity can feel a bit like juggling gas-powered chainsaws while riding a unicycle across a tightrope—dangerous, noisy, and not for the faint of heart. Thankfully, security information and event management (SIEM) tools are your safety harness—keeping you steady, secure, and just far enough from the edge that you’re not plunging headfirst into the abyss of breached data, regulatory fines, and sleepless nights.