Monday 6/23
Are You Using Everything in Your Citrix Cloud Subscription?
Features like Citrix Enterprise Browser, Remote Browser Isolation (RBI), and Secure Private Access (SPA) are included in many Advanced Plus and Premium subscriptions, but often go unused.
https://www.gothamtg.com/blog/are-you-using-everything-in-your-citrix-cloud-subscription
Cloud Attacks Retrospective: Evolving Tactics, Familiar Entry Points (Wiz)
Cloud environments are growing more complex—but attackers aren’t necessarily getting more advanced. Instead, they’re applying creativity to familiar weaknesses: misconfigurations, unpatched systems, and credential misuse.
https://www.wiz.io/blog/cloud-attack-retrospective-2025
Tuesday 6/24
The Top Cyber Attack Vectors Organizations Face (Arctic Wolf)
The dynamic nature of modern cyber threats, shaped by the ongoing back-and-forth between emerging threats and evolving security measures, makes staying ahead a persistent challenge for organizations.
https://arcticwolf.com/resources/blog/top-five-cyberattack-vectors/
PCI DSS 4.0.1: What Changed and How is this the Next Step for Universal MFA (HYPR)
PCI DSS 4.0.1 represents a limited but important revision to version 4.0. While it doesn't introduce new requirements, it provides crucial clarifications that impact how organizations implement security controls, particularly around multi-factor authentication and payment page security.
https://blog.hypr.com/pci-dss-4.0.1-what-changed-and-how-is-this-the-next-step-for-universal-mfa
Wednesday 6/25
PDFguard: AI Engine Against Growing Threats in PDFs (Check Point)
PDFs are particularly attractive to attackers due to their complex structure, which allows them to conceal harmful links, malicious code, or other dangerous content. By leveraging users’ familiarity with PDFs and using social engineering techniques, attackers increase the likelihood of deceiving recipients.
https://blog.checkpoint.com/research/pdfguard-ai-engine-against-growing-threats-in-pdfs/
Unlocking M365 Cyber Resilience: Rubrik's Data Threat Analytics and Advanced Recovery Options (Rubrik)
The Shared Responsibility Model places the M365 data and identity protection in the hands of the customer. Native tools lack the immutable, air-gapped backups and intelligently orchestrated recovery capabilities essential for handling major or minor incidents. So many M365 instances suffer from significant cybersecurity gaps.
https://www.rubrik.com/blog/technology/25/6/unlocking-m365-cyber-resilience-rubriks-data-threat-analytics-and-advanced-recovery-options
Thursday 6/26
Machine identity mayhem: The volume, variety, velocity challenge (CyberArk)
Machine identities—like the API keys, certificates, and access tokens that secure machine-to-machine connections—are swarming businesses. Yet, many teams still reach for manual tools while their systems overclock.
https://www.cyberark.com/resources/blog/machine-identity-mayhem-the-volume-variety-velocity-challenge
Tracking CVE-2025-31324: Darktrace’s detection of SAP Netweaver exploitation before and after disclosure (Darktrace)
The vulnerability, first disclosed on April 24, 2025, carries the highest severity rating (CVSS v3 score: 10.0) and could allow remote attackers to upload malicious files without requiring authentication.
https://www.darktrace.com/blog/tracking-cve-2025-31324-darktraces-detection-of-sap-netweaver-exploitation-before-and-after-disclosure
Friday 6/27
From Recovery to Resilience: Rethinking Endpoint Continuity in a Zero Trust World (IGEL)
With applications increasingly moving away from the endpoint and into the cloud, and Gartner themselves predicting that by 2030 Secure Enterprise Browsers will be a central component of application access strategies, isn’t it time to rethink the endpoint?
https://www.igel.com/blog/from-recovery-to-resilience-rethinking-endpoint-continuity-in-a-zero-trust-world/
Cybersecurity Stop of the Month: Adversary-in-the-Middle Attacks that Target Microsoft 365 (Proofpoint)
These phishing campaigns used various evasion tactics, including invisible Unicode characters and custom CAPTCHAs. They also had anti-debugging features that were designed to frustrate automated defenses and slow analysis.
https://www.proofpoint.com/us/blog/email-and-cloud-threats/aitm-phishing-attacks-evolving-threat-microsoft-365