Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In February 2025, the cybersecurity community witnessed an unprecedented leak that exposed the internal operations of Black Basta, a prolific ransomware group. Trustwave SpiderLabs has taken an in-depth look at the leaked contents, which spell out in detail how the group thinks and operates, revealing discussions on tactics and the effectiveness of various attack tools. Even going so far as to debate the ethical and legal implications of targeting Ascension Health.

Organizations face a monumental challenge managing cyber risk and vulnerabilities across expanding digital environments. Research indicates that security teams can remediate merely 10% of detected vulnerabilities due to resource limitations, emphasizing the urgent need for optimized prioritization methods. Risk-based vulnerability management (RBVM) addresses this challenge by focusing remediation efforts on vulnerabilities posing genuine risk to specific organizational assets and infrastructure.

In the current economic environment, IT and security leaders face significant challenges. Budget optimization and prioritizing initiatives that provide real business value are crucial, particularly amidst a growingly complex and threatening threat landscape. This pressure is especially pronounced when it comes to securing the APIs essential for modern applications and linking vital data.

After covering the importance of unique usernames in yesterday's blog, we would be remiss not to take a look at the second half of most login credentials: passwords. These are important because, despite increasingly sophisticated cybersecurity technologies and methodologies, 86% of breaches still involve stolen credentials.

New technologies, regulatory shifts, and the next generation of clients are redefining the financial services industry and what customers expect from the firms they work with. Firms embracing these changes will gain a competitive edge, while those who ignore them risk falling behind. Countless technology innovations across the industry are redefining the customer experience, security, data management, and back-office functions. But what is poised to make the biggest impact in 2025?

Multi-Factor Authentication (MFA) has long been considered a robust security measure, with Microsoft research showing it can block 99.9% of automated attacks. However, recent data indicates that sophisticated attackers have developed numerous techniques to bypass MFA, making it insufficient as a standalone defense against Account Takeover (ATO) attacks.

Each month, the Fireblocks policy team takes stock of policy developments around the world that matter to our clients and to our business. Here, I share my views on the March developments I think counted the most—at times intentionally highlighting announcements that didn’t make the headlines. Starting counter-sun-wise, Washington DC saw the U.S. commitment to becoming digital asset centre of gravity take more and more concrete shape.

Newly patented transaction firewall sets a new standard in payment protection, leveraging self-learning technology that instantly blocks emerging threats, payment fraud and cyber-attacks with greater precision.

Azure Backup Vault, Azure Recovery Services Vault, and Azure Site Recovery make up Microsoft’s core suite of data protection and disaster recovery services. Azure’s vaults enable customers to store backups of entire Azure VMs, on-premise workloads, and workloads from Azure services such as Azure SQL Database, Azure Blob, and Azure Database for PostgreSQL. Azure Site Recovery integrates with Azure Recovery Services Vault to extend its backup services to support disaster recovery.

Sequenced event templates are pretty cool, but they were developed around the time that Risk-based Alerting (RBA) was developed in Splunk Enterprise Security. Additionally, they don’t have all the great context we can generate with the holistic picture provided by risk, so I want to provide guidance on how we would implement its equivalent in the RBA context as they are now deprecated in Splunk Enterprise Security 8.0. There are two approaches we can utilize that do slightly different things.