Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 22, 2026, Google's Threat Intelligence Group and Mandiant disclosed a campaign by a threat actor they're tracking as UNC6692. The group breached enterprise networks by impersonating IT helpdesk staff over Microsoft Teams, ultimately exfiltrating Active Directory databases and achieving full domain compromise. What's notable about UNC6692 is what they didn't do. They didn't use a zero-day. They didn't exploit a software vulnerability.

Over 300 age-related bills were introduced across several US states in 2025 alone. We’ve heard firsthand from numerous legal and compliance teams that keeping up with these regulations is incredibly overwhelming. That’s why we developed Atlas, a global database tracking evolving age assurance regulations. Atlas tracks recent legislation impacting social media platforms, adult content, age-restricted services, and other related legislation.

A credential access event fired. An AI agent investigated it, correlated it against running processes, assessed the risk, and closed the ticket. No analyst touched it. The entire loop ran in minutes. This is what security operations look like when AI can actually operate in the environment rather than advise from outside it. Security operations have always required a special kind of person.

Recent headlines heralded another unfortunate security breach: an employee of the NSW Treasury in Sydney, Australia, illegally downloaded more than 5,600 sensitive government documents, which were later recovered at his home. This was labeled a “significant cyber incident” by the NSW government and had been detected by an internal security monitoring tool that detected “movement of a large cache of documents”.

Red Team Penetration Testing is a simulated cyberattack that mimics real-world threat behavior to identify vulnerabilities, test defenses, and evaluate how effectively an organization can detect and respond to an attack. It goes beyond traditional testing by focusing on how an attacker would actually move through an environment.

AI agents create data exfiltration risk by combining three capabilities that are dangerous together: access to private data, exposure to untrusted content, and the ability to communicate externally. When all three exist in one agent, an attacker can hide instructions inside an email, document, or webpage the agent processes and trick it into sending sensitive data out. No software vulnerability is required. The attacker doesn't need to break in. They just need to talk to your agent.

We're excited to announce our new partnership with Friends Against Scams, a National Trading Standards initiative working to protect people from scams across the UK. Together, we've created a cybercrime factsheet to help individuals understand the threats they face online, who is most at risk, and where to turn for support.

Alert fatigue is quietly draining security teams, slowing response times, and increasing business risk. As cyber threats rise and alerts multiply, organisations need smarter prioritisation and actionable intelligence, not more noise.

Last week, OpenAI released Privacy Filter, an open-weight model for detecting and redacting PII in text. It is a thoughtful release: Apache 2.0 licensed, able to run locally, designed for high-throughput workflows, and built to go beyond regex-based detection. This is good news for everyone building enterprise AI. Privacy at the model layer is getting real attention. What we liked most was how clearly OpenAI described the role of the model.

Arctic Wolf has identified a targeted intrusion against a North American Web3/cryptocurrency company, which we attribute with a high confidence level to BlueNoroff, a financially motivated subgroup of DPRK’s Lazarus Group.