Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

‍ On March 14th 2025, we detected a malicious package on npm called node-facebook-messenger-api. At first, it seemed to be pretty run-of-the-mill malware, though we couldn’t tell what the end-goal was. We didn’t think much more of it until April 3rd 2025, when we see the same threat actor expand their attack.

Nightfall has been named a leader in Data Loss Prevention (DLP), Sensitive Data Discovery, Data Security, and Cloud Data Security in G2’s Spring ‘25 reports. We’d like to extend a huge thank you to all of Nightfall’s customers and supporters for making this possible - and an even bigger thank you goes to the Nightfall team’s tireless dedication to building solutions that protect our customers’ sensitive data across the sprawling enterprise attack surface.

Phishing attacks are driving a surge in “double brokering” scams in the shipping industry, according to Christian Reilly, Cloudflare’s Field CTO for EMEA. In an article for TechRadar, Reilly explains that these scams have risen by 400% since 2022, and 50% of freight brokers name it as their top concern. “Here’s how they work: Scammers pose as legitimate freight brokers or create fake transportation companies,” Reilly writes.

Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks’ Unit 42. Quishing attacks hide phishing URLs within QR codes, allowing them to more easily evade security filters and trick the user into opening the link on their phone.

Internet memes and viral content have become a universal language of online culture. They're easily shareable, often humorous, and can spread rapidly across various platforms. However, this same virality and cultural resonance make memes an attractive vector for cybercriminals and threat actors. Anatomy of a meme Memes are nothing new, and have been around for decades. In fact, a comic published in 1921 followed one of today's most common meme themes: ‘Expectation vs.

In our recent article on Continuous Threat Exposure Management (CTEM), we highlighted how exposure assessment platforms (EAPs) like Nucleus can support several critical phases of the CTEM framework. In that article, we intentionally separated the scoping step from the other technology-dependent CTEM stages. Scoping begins as a business- and process-driven exercise. However, doing scoping well and at scale relies more on having the right technology.

In this guest post, Jason English, Director and Principal Analyst at Intellyx explores how GenAI is moving beyond chat to orchestrate real action for SOC teams. As my colleague Eric Newcomer mentioned in the previous chapter of this series, GenAI changes the security automation game, with multi-system discovery, documentation, and task execution capabilities that can reduce cognitive load and toil for security analysts.

HellCat is the name of a relatively new ransomware-as-a-service (RaaS) group that first came to prominence in the second half of 2024. Like many other ransomware operations, HellCat breaks into organisations, steals sensitive files, and encrypts computer systems - demanding a ransom payment for a decryption key and to prevent the leaking of stolen files.

In recent years, cybersecurity has undergone a radical transformation. Traditional solutions, once sufficient to protect organizations' digital assets, have become obsolete against increasingly complex cyber threats. Malicious actors now leverage advanced technologies to launch sophisticated attacks at unprecedented scales and speeds. According to the UK's National Cyber Security Centre, AI is accelerating the spread of ransomware and lowering the entry barrier for less experienced cybercriminals.