Blog
What we’re seeing. What it means. What comes next.
Because understanding is the first step to staying ahead.


Detection Through Deception: Where It Fits in a Modern SOC Strategy
The visibility problem we keep running into
Most SIEM deployments follow a familiar pattern: collect logs, apply rules, generate alerts. That approach works, but it starts to break down in one area we regularly see during investigations - telling the difference between legitimate activity and attacker behavior when both look the same. Attackers are no longer relying on obviously malicious tools. They use valid credentials, built-in admin utilities, and approved access paths.


Why SIEMs Need Strong Detection Engineering and How We Approach It at CyberSift
There is a recurring assumption in many environments: if the SIEM is properly configured, detection is “solved.” In reality, SIEMs don’t detect threats - they execute logic. And that logic is only as good as the assumptions behind it. What we consistently observe in real-world incidents is not a lack of SIEM coverage, but a lack of detection engineering discipline. At CyberSift, this is one of the core areas we continuously invest in: expanding, validating, and maintaining de


Potentially Unwanted Software on Corporate Endpoints
During a recent proactive threat hunting exercise, we identified the presence of OneLaunch on a workstation within a monitored environment. While not classified as malware, OneLaunch falls into the category of Potentially Unwanted Programs (PUPs) - software that often arrives through bundled installers and can introduce unnecessary risk into corporate environments. At first glance, these applications may appear harmless. However, they frequently modify browser settings, intro


FortiGate Edge Devices Targeted in Recent Intrusions
Recent research published by SentinelOne highlighted a series of intrusions targeting organizations through compromised FortiOS devices. Edge infrastructure has become an increasingly attractive target for attackers. Firewalls, VPN gateways, and other perimeter devices often sit directly exposed to the internet while maintaining deep visibility into internal networks. Compromise of these systems can provide attackers with a strategic foothold that extends far beyond a single


From Alerts to Hours: The Hidden Cost of Noise
Over 1 Million Alerts - What's Behind That Number?
Over the last 7 days, this environment generated 1,107,211 alerts. At first glance, that sounds like strong security coverage. But here's the reality: more alerts don't mean more protection - they often mean more noise. The real question is not how many alerts were generated, but: how many of these actually matter?
Use Case: SMB to Public IP
To understand how this pattern behaves across the environment, we zoomed into a speci


Threat actors don't need your password or MFA to compromise your users
Cybersift is observing a modern type of phishing attack on Office 365 users that deviates from the typical fake login web page analysts are accustomed to seeing. The new phishing attack uses device registration to compromise the victim's account, meaning that the threat actor does not need to steal your password to gain entry. But this modern phishing attack is smarter than you might think.
Case Study
We analyzed a phishing email which utilized a device


Your Biggest Risk Isn’t Compliance. It’s Fragmentation.
In our previous article, we explored why compliance alone does not constitute a security strategy. Regulatory alignment establishes structure, but structure does not automatically translate into operational protection. The next question is where the real vulnerability lies. For many RegTech and payment institutions, it is not insufficient controls, but disconnected ones. RegTech and payment infrastructures are API-driven, cloud-dependent and transaction-intensive. They con


Compliance Is Not a Security Strategy
A Reality Check for EU RegTech & Payment Companies
The European financial ecosystem - especially RegTech providers and payment institutions - lives under constant regulatory scrutiny. Between PSD2, DORA, NIS2 Directive, GDPR and PCI DSS, security is rarely ignored. Controls are mapped. Documentation is structured. Audit trails are maintained. Reports are submitted. On paper, everything looks robust. But here is the uncomfortable truth: passing regulation does not mean you are


The Token is the Perimeter: Why OAuth is the New Frontier
The recent supply chain breach at Vercel highlights a critical blind spot: once an attacker hijacks a valid OAuth token, they don't need to crack your password; they simply inherit your trust and walk right past your MFA.
No password is needed
No MFA challenge is triggered
No anomalous login event is created while the user is accepted
Once a session token is issued, access is governed by the token alone, completely detached from the factors that created it. This is what an OAu


Data Poisoning: The Risk of Corrupted AI Training
The most significant vulnerability in the age of Artificial Intelligence isn't necessarily a flaw in the code; it's a flaw in the information. Because AI models are built on vast amounts of data, their reliability depends entirely on the integrity of that input. This has given rise to a calculated method of attack known as data poisoning, where adversaries subtly subvert an AI's learning process to control its outcomes. Unlike a traditional hack, data poisoning doesn't requir
