Monday 2/24
2025 State of Code Security: Key Trends and Risks (Wiz)
The data is clear: unmanaged risks in code and version control systems present significant challenges for the modern enterprise. From alarming levels of secrets exposure to insecure CI/CD workflows, these vulnerabilities jeopardize production environments.
https://www.wiz.io/blog/state-of-code-security-report-2025
Proofpoint Research: 2024 Account Takeover Statistics (Proofpoint)
Attackers’ focus on compromising accounts is part of their larger attack strategy of focusing on your users. It follows that an optimal ATO defense must be equally strategic. This is why Proofpoint provides a comprehensive ATO defense-in-depth solution that is proactive with security awareness training, preventive with email security, and is reactive with ATO detection and response.
https://www.proofpoint.com/us/blog/threat-insight/account-takeover-statistics
Tuesday 2/25
Outpacing Ransomware: Proactive Prevention Strategies (Adlumin)
With steady infiltration tactics, rapid encryption, and relentless extortion, ransomware actors like LockBit continue to refine their attacks, making traditional security measures increasingly insufficient. Organizations must adopt a proactive, layered defense strategy to detect, prevent, and mitigate these threats before they cause lasting damage.
https://adlumin.com/post/outpacing-ransomware-proactive-prevention-strategies/
How hunting for vulnerable drivers unraveled a widespread attack (Check Point)
Moving beyond signature-based detection is becoming increasingly critical in stopping hard-to-detect threats. Behavioral analysis, heuristic scanning, and driver integrity checking can help identify suspicious driver activity, even when traditional blocklists do not flag the driver itself.
https://blog.checkpoint.com/research/how-hunting-for-vulnerable-drivers-unraveled-a-widespread-attack/
Wednesday 2/26
CrowdStrike Extends Real-Time Protection for Microsoft Entra ID to Take on Identity-Based Attacks (CrowdStrike)
With Falcon Identity Protection for Microsoft Entra ID, CrowdStrike sits inline with every Entra ID authentication request to give organizations greater control over identity-based attacks.
https://www.crowdstrike.com/en-us/blog/crowdstrike-extends-real-time-protection-for-entra-id/
Real-time Enterprise File: Redefining Legacy File with the Pure Storage Platform (Pure Storage)
As the data landscape evolves, so does the complexity of managing and accessing it. Legacy file systems, and even traditional network attached storage (NAS) solutions, are struggling to keep pace with demands for real-time agility, scalability, and efficiency. The challenges these systems pose to businesses today create a clear need for more flexible, scalable, and real-time file solutions.
https://blog.purestorage.com/products/real-time-enterprise-file-redefine-legacy-file-with-pure-platform/
Thursday 2/27
Account Compromise Arms Race: How Threat Actors Evade Phish-Resistant Security Tools (Abnormal Security)
As organizations adopt phish-resistant authentication methods, cybercriminals continue to refine their tactics. While MFA and passkeys enhance security, they are not foolproof. Defenders must stay vigilant by implementing additional security layers, such as continuous session monitoring, browser integrity checks, and rigorous endpoint protection.
https://abnormalsecurity.com/blog/how-threat-actors-evade-phish-resistant-security
Incident response lifecycle for identity-related attacks (Delinea)
It’s essential to be incident response-ready. The last thing you want to be doing is testing your incident response lifecycle in the middle of an incident. You need to know what security processes and solutions you have, where they are, and how to use them.
https://delinea.com/blog/incident-response-lifecycle
Friday 2/28
Beyond SMS: HYPR's Perspective on Gmail's Shift to QR Code Authentication (HYPR)
While Google's decision to deprecate SMS codes is a positive step, it's important to remember that QR codes are not without their own security considerations. As a relatively new technology for authentication, QR codes may not be viewed with the same level of suspicion as other, more established phishing techniques.
https://blog.hypr.com/qr-code-authentication