Monday 10/20
Microsoft Dominates Phishing Impersonations in Q3 2025 (Check Point)
According to Check Point Research’s Brand Phishing Report for Q3 2025, Microsoft accounted for 40% of all brand impersonation attempts this quarter, holding its place as the most targeted company worldwide. The dominance of major tech players in phishing campaigns shows no sign of slowing.
https://blog.checkpoint.com/research/microsoft-dominates-phishing-impersonations-in-q3-2025/
AI, Quantum Computing and Other Emerging Risks (Palo Alto Networks)
Emerging risks will wait for no one. Attackers are experimenting with AI just as businesses are, and quantum computing is advancing whether organizations are ready or not.
https://www.paloaltonetworks.com/blog/2025/10/ai-quantum-computing-emerging-risks/
Tuesday 10/21
Defensive AI Meets the Inbox: The CISO Guide for the AI Arms Race (Abnormal AI)
What once required technical sophistication and painstaking effort can now be achieved with freely available tools: phishing kits crafted to perfection, BEC emails threaded seamlessly into prior conversations, malware that evolves autonomously with every execution. The result is an arms race in which adversaries scale their operations with unprecedented speed, while defenders risk being overwhelmed by volume, variety, and velocity.
https://abnormal.ai/blog/defensive-ai-meets-the-inbox
Key Capabilities and Benefits of an MDR Solution (Arctic Wolf)
In this landscape, comprehensive, 24×7 visibility across the IT environment is not just helpful, but essential. Even minor visibility gaps can result in delayed or missed detections. However, with security being one of many competing IT priorities, achieving this around-the-clock threat monitoring is a major challenge for many.
https://arcticwolf.com/resources/blog/10-key-advantages-of-mdr-solution/
Wednesday 10/22
Diagnosing the Data Disorder: Why Data Competency Is Critical for Modern Businesses? (Pure Storage)
Data has become paramount to the success of any AI implementation. But besides AI, there are three elements that are pushing data behavior into new realms and that demand even more expertise. These forces are like a perfect storm in data management.
https://blog.purestorage.com/perspectives/data-competency-business-dataops-specialist/
Microsoft’s emergency Windows 11 update fixes a nasty system recovery bug
Microsoft is now rolling out an out-of-band fix for Windows 11 to address a major bug the company introduced with its latest monthly Windows 11 update. The original update released on October 14th accidentally broke the Windows Recovery Environment (WinRE), leaving people unable to use a USB mouse or keyboard to recover their PCs or factory reset them.
https://www.theverge.com/news/803373/microsoft-windows-11-emergency-update-usb-mouse-keyboard-recovery-environment-issues
Thursday 10/23
Beyond credentials: weaponizing OAuth applications for persistent cloud access (Proofpoint)
Once an attacker gains access to a cloud account they can create and authorize internal (second party) applications with custom-defined scopes and permissions. This capability enables persistent access to critical resources such as mailboxes and files, effectively circumventing traditional security measures like password changes.
https://www.proofpoint.com/us/blog/threat-insight/beyond-credentials-weaponizing-oauth-applications-persistent-cloud-access
Ransomware Reality: Business Confidence Is High, Preparedness Is Low (CrowdStrike)
Adversaries are using AI to operate at machine speed and evade defenses. Despite this evolution, many organizations are overconfident in their ability to defend against ransomware. Half of the 1,100 global security leaders surveyed believed they were “very well prepared” for ransomware, but 78% of their organizations were attacked in the past year.
https://www.crowdstrike.com/en-us/blog/ransomware-reality-business-confidence-is-high-preparedness-is-low/
Friday 10/24
How Automated Certificate Lifecycle Management Supports Data Security at Scale (Entrust)
Automated certificate lifecycle actions like renewal, alongside reporting and alerting, reduces the risk of these security vulnerabilities. With an automation-first framework, IT teams can rest assured that hundreds or thousands of certificates are issued, renewed, and/or revoked per organizational policies.
https://www.entrust.com/blog/2025/10/certificate-automation
Cato CTRL™ Threat Research: Preventing Privilege Escalation via Active Directory Certificate Services (ADCS) (Cato Networks)
A threat actor who successfully retrieved a certificate signed by the on-prem ADCS server can extend the trust between Entra CBA and the on-premises public key infrastructure (PKI) in order to move laterally to the cloud.
https://www.catonetworks.com/blog/cato-ctrl-preventing-privilege-escalation-via-active-directory-certificate-services-adcs/