Topic: threat hunting
-
35 Must-Have Open-Source Security Tools for Red Teams & SOCs
The article highlights 35 essential open-source security tools for various domains like cloud security, threat hunting, and vulnerability management, aiding red teams and SOC analysts. Key tools include Autorize for authorization testing, BadDNS for DNS security, and Beelzebub for...
Read More » -
4 Time-Saving Strategies to Boost Security Monitoring
Traditional SIEM systems face challenges with data latency, storage costs, and processing overhead, making it difficult to balance comprehensive security visibility with budget constraints. Time series data approaches enable faster anomaly detection and long-term threat hunting by providing immed...
Read More » -
Building Cyber Defenses: How Nations Secure Their Digital Borders
Cyberspace is now recognized as the fifth domain of warfare, with nations integrating cyber operations into military and intelligence activities, yet accurately attributing attacks remains a major challenge. Active cyber defense strategies, such as threat hunting, are essential for resilience, en...
Read More » -
Hiring Now: Cybersecurity Jobs in October 2025
A variety of cybersecurity roles are available globally in October 2025, including positions for analysts, engineers, consultants, and leadership, with options for remote, on-site, or hybrid work arrangements. Key leadership positions like Chief Information Security Officer (CISO) involve develop...
Read More » -
The Complete AI SOC Platform: End-to-End Security
Modern security operations centers struggle with excessive alerts, detection gaps, and a shortage of skilled staff, leading to inefficiencies and vulnerabilities. Exaforce addresses these issues with a unified platform using multi-model AI and automation for enhanced threat detection, intelligent...
Read More » Australia's Cyber Crisis: A Call to Action for Businesses
Australian businesses face sophisticated cyber campaigns aimed at crippling economic stability and critical national functions, moving beyond simple data theft to cause national paralysis. The conflict in Ukraine demonstrated that cyber warfare is synchronized with military operations, targeting ...
Read More »-
Intel 471 Launches Verity471: Next-Gen Cyber Threat Intel Platform
Intel 471 launched Verity471, a unified cyber threat intelligence platform that integrates intelligence offerings into a single interface to enhance security operations and threat response. Verity471 provides actionable insights through three portfolios: Cyber Threat Exposure (identifies vulnerab...
Read More » -
Audit AI Actions, Not Its Thoughts
AI presents a dual challenge for CISOs, offering defensive capabilities like fraud detection while adversaries use it for malicious purposes, requiring organizations to defend both with and against it. Ensuring AI tools are auditable, explainable, and resilient is difficult due to their complex d...
Read More » -
ScreenConnect Flaws Exploited in Network Breaches
Cyber-attacks are increasingly using legitimate remote monitoring and management (RMM) tools like ConnectWise ScreenConnect for initial network access through phishing, providing stealthy unauthorized control. Attackers exploit ScreenConnect's features such as unattended access and VPN functional...
Read More » -
Akira Ransomware Hijacks Victim's Remote Management Tool
Hackers used the trusted Datto RMM tool and a Living Off The Land strategy to deploy Akira ransomware, disguising their actions as normal IT operations to avoid detection. The attack was halted by Barracuda Managed XDR, which detected the encryption activity and immediately isolated the compromis...
Read More » -
Patch Alert: CitrixBleed 2 Still a Threat (CVE-2025-5777)
A critical vulnerability (CVE-2025-5777) in Citrix NetScaler systems is being exploited, enabling session hijacking and unauthorized access despite Citrix's denial of confirmed attacks. The flaw allows attackers to extract session tokens via manipulated login requests, potentially compromising ad...
Read More » -
China's Salt Typhoon Hackers Target European Telecoms
A China-linked cyber espionage group known as Salt Typhoon is targeting European telecommunications providers to infiltrate critical infrastructure for intelligence gathering and surveillance. The attackers exploited a Citrix NetScaler Gateway vulnerability, deployed the SNAPPYBEE backdoor via DL...
Read More » -
Over 266,000 F5 BIG-IP Systems Vulnerable to Remote Hacks
Over 266,000 F5 BIG-IP systems are exposed online and vulnerable to remote attacks following a security breach by nation-state hackers who stole source code and details about undisclosed flaws. F5 has released patches for 44 vulnerabilities and strongly urges immediate updates, while CISA mandate...
Read More » -
F5 Source Code Stolen by Nation-State Hackers in Data Breach
F5 experienced a security breach by a nation-state actor who stole BIG-IP source code and vulnerability data, potentially enabling the creation of new exploits. The company has contained the incident, implemented security enhancements, and found no evidence of critical vulnerabilities or customer...
Read More » -
AI Is Supercharging Phishing Attacks
AI-powered phishing campaigns are becoming highly sophisticated and difficult to distinguish from genuine communications, enabling attackers to execute both widespread and targeted strategies simultaneously. Generative AI serves as a force multiplier for cybercriminals by lowering the skill thres...
Read More » -
BRICKSTORM Returns: Why Your Enterprise Must Boost Cyber Defenses
The BRICKSTORM espionage campaign targets legal, technology, SaaS, and BPO firms to steal intellectual property and sensitive data, requiring immediate cybersecurity reassessment. Its stealthy infiltration of overlooked infrastructure like network appliances and virtualization platforms allows at...
Read More » -
AI Reshapes SOC Roles Without Reducing Staff
AI is transforming SOCs by shifting roles rather than eliminating jobs, with 96% of security leaders not planning to cut staff despite AI adoption. Nearly half of leaders (44%) are moving Tier 1 analysts to advanced roles, as AI handles repetitive tasks, allowing focus on strategic initiatives li...
Read More » -
Open-Source MDEAutomator: Simplify Endpoint Security & Incident Response
MDEAutomator is an open-source tool that automates Microsoft Defender for Endpoint (MDE) management, reducing manual tasks and improving threat response efficiency. The tool offers serverless, modular capabilities like bulk automation, multi-tenant support, and centralized threat indicator manage...
Read More » -
SentinelOne Leads 2025 IDC XDR MarketScape
SentinelOne has been named a Leader in the IDC MarketScape for XDR software in 2025, highlighting its AI-native cybersecurity platform, Singularity, which unifies security data and analytics to combat threats effectively. The platform integrates endpoint, cloud, identity, and generative AI securi...
Read More » -
Exploit in Default Cursor Setting Runs Malicious Code on Dev Machines
A security flaw in Cursor AI code editor allows attackers to execute malicious code silently due to the Workspace Trust feature being disabled by default. Exploitation can lead to credential theft, file manipulation, and data exfiltration, especially risky given developers' elevated system privil...
Read More »