Saturday, May 24, 2025

Phishing Scams Just Leveled Up with a Scary Microsoft O365 Attack

 

Phishing scams have just taken a major leap forward in terms of sophistication and complexity. Earlier this year, security firm Fortra observed a highly advanced phishing attack that combined multiple technologies to steal Microsoft O365 credentials. This attack used an .htm file with AES encryption, a content delivery network, and a node package manager to deliver the malicious code. What's even more alarming is that this is the first time these tactics have been seen used together in a phishing attack.

The abuse of open-source repositories like npm is also a well-known threat to organizations, and this attack highlights the importance of being vigilant about email attachments and using network telemetry to detect unusual connections. To defend against these types of attacks, user training is crucial, and using an Observability and Defense Platform like PlixerOne can help you keep an eye on any new or unusual connections to CDNs or npm packages.

Join me as I break down this sophisticated phishing attack and provide tips on how to protect yourself and your organization. Don't forget to like, share, and subscribe for more cybersecurity news and updates!

https://www.fortra.com/blog/threat-analysis-malicious-npm-package-leveraged-o365-phishing-attack
https://www.darkreading.com/threat-intelligence/novel-phishing-attack-combines-aes-npm-packages
https://www.darkreading.com/threat-intelligence/evolving-npm-package-campaign-roblox-devs

Tuesday, May 20, 2025

Why Your MTTR Is Too Slow — And How to Fix It Fast


 

SLASH YOUR MTTR! Join Us for a Live Webinar on Faster Incident Response & Reduced Downtime.

MTTR (Mean Time to Response) isn't just a buzzword — it’s a crucial metric that can make or break your organization's ability to bounce back from incidents quickly. But here's the thing: most teams misunderstand what MTTR really means. It’s not just about reacting fast. It’s about gaining the right insights, at the right time, so you can act decisively before things escalate.

This Thursday, May 22nd at 9:00AM PT, join us for a live session: "Beyond Recovery: How Faster Incident Response Reduces MTTR." Plixer Data Scientist Adam Howarth will walk you through:

✅ What MTTR really measures (and why most teams get it wrong)
✅ How network data + AI can elevate your visibility and expertise
✅ Real-world examples of organizations slashing downtime
✅ Best practices to speed up incident response for NetOps and SecOps teams

If you're responsible for uptime, security, or operational performance, this is a must-attend session.

👉 Register now: https://plixer.zoom.us/webinar/register/WN_kILvZpyQR2W8OVvthqVEtg#/registration
...and take your MTTR from sluggish to streamlined.

💬 Drop your questions in the comments before the session, and we might answer them live.
🔔 Don’t forget to like, subscribe, and hit the bell so you never miss a critical tech insight.

Wednesday, May 14, 2025

Tech Talk: Behavioral Anomaly Detection Explained

 


AI Without the Hype. AI is everywhere these days, and every vendor is claiming magic. But here at Plixer, we’re cutting through the noise. Join Peter Silva and Plixer Data Scientist Adam Howarth for another Tech Talk in our “No-Fluff AI” series—this time on Behavioral Anomaly Detection, happening Tuesday, May 6th at 9AM Pacific.

We’ll go beyond the buzzwords and talk real AI:

✔️ What behavioral anomaly detection actually is
✔️ Why temporal vectors matter
✔️ How Plixer applies it for real-time network visibility
✔️ And of course—real use cases and tangible benefits for your security operations

Last time we covered Graph AI—this time it’s all about how AI learns and responds to changes in network behavior. If you’re serious about advanced detection, this is for you.

Sunday, May 11, 2025

Did LockBit Just Get Locked Out? The Walmart of Ransomware's Massive Leak

 


Has the notorious LockBit ransomware gang finally met its end? In a shocking turn of events, LockBit, one of the best-known ransomware groups, has had its own site defaced and a massive amount of data dumped.

LockBit’s own leak site was defaced with a bold message: “Do not crime. Crime is bad.” Alongside that, a massive data dump was exposed — including internal chats, decryption guides, negotiation histories, and even Bitcoin wallet addresses. We’re talking about over 4,400 chats, tools to bypass specific targets, and ransom demands ranging from $4,000 to $150,000.

This breach comes almost exactly one year after Operation Cronos, a major law enforcement effort that previously disrupted LockBit’s operations and led to the arrest of its alleged lead developer. Could this be the final chapter in the LockBit saga? Not so fast — a new info-stealer gang called Marko Polo has just emerged. The ransomware landscape is always shifting.

🛡️ Looking to bolster your defenses? Check out Plixer’s Field Guide with 23 proven use cases to strengthen your security and network operations.

https://www.plixer.com/plixer-field-guide/
https://www.databreachtoday.com/hacker-leaks-stolen-lockbit-ransomware-operation-database-a-28350
https://www.reuters.com/technology/ransomware-group-lockbit-appears-have-been-hacked-analysts-say-2025-05-08/
https://www.darkreading.com/threat-intelligence/lockbit-ransomware-gang-hacked-data-leaked
https://www.databreachtoday.com/marko-polo-inner-workings-global-infostealer-empire-a-28336

🔔 Like, share, and subscribe for more real-world cybersecurity updates!

Wednesday, May 7, 2025

Tech Talk - AI Engine: A Look at Transformative AI for Deep Insight into Anomalous Traffic

 


Graph-based anomaly detection transforms how network operators uncover threats and service issues by providing a deeper, relationship-driven understanding of all network activity traversing the ecosystem. Unlike traditional methods that analyze isolated data points or rely on predefined rules, a graph-based approach leverages AI, ML, and graph theory to map and analyze the intricate relationships between users, devices, and services. This increased contextual awareness enables operators to detect nuanced, relational anomalies—such as abnormal lateral movement, unexpected dependencies, or deviations in traffic patterns—that signal early-stage threats, misconfigurations, or service degradation.

By analyzing how entities interact rather than just their individual behaviors, graph algorithms offer unparalleled visibility into evolving risks across complex, high-traffic environments. This proactive approach empowers network teams to mitigate threats and performance issues well before they impact security, reliability, or user experience.

Key Takeaways for You:

* Learn how graph theory AI differs from other traditional ML/AI methods
* See practical approaches for constructing graph representations from IPFIX data and applying data science and machine learning models for anomaly detection in real-time
* Participate in the discussion on the importance of network induction in the active modeling of network topologies

What does this mean for you/your business?

* Enhanced Detection Capabilities
* Deeper Insights into traffic
* Proactive Network Management

Practitioners leveraging AI graph-based anomaly detection gain improved visibility into network behaviors, enhancing their capability to respond proactively to security incidents and operational challenges. The technique empowers network administrators, security analysts, and IT professionals to better understand the underlying relational structure of network data and pinpoint issues before they escalate.
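To make the relational idea concrete, here is an added example (not Plixer's implementation or code from the talk) that builds a host graph from flow records and flags sources whose internal peer set suddenly grows, one simple signal of lateral movement. The flow tuples, the 10.0.0.0/8 internal range and the threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records in an IPFIX-like shape: (src, dst, dst_port)
BASELINE = [
    ("10.0.1.15", "10.0.5.10", 443), ("10.0.1.15", "10.0.5.20", 53),
    ("10.0.1.22", "10.0.5.10", 443), ("10.0.1.22", "10.0.5.30", 445),
]
CURRENT = [
    ("10.0.1.15", "10.0.5.10", 443), ("10.0.1.15", "10.0.5.20", 53),
    ("10.0.1.22", "10.0.5.10", 443), ("10.0.1.22", "10.0.1.15", 445),
    ("10.0.1.22", "10.0.1.31", 445), ("10.0.1.22", "10.0.1.40", 3389),
    ("10.0.1.22", "203.0.113.9", 443),
]

def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL

def build_graph(flows):
    """Directed host graph {src: {dst, ...}}; ports are ignored in this sketch."""
    graph = defaultdict(set)
    for src, dst, _port in flows:
        graph[src].add(dst)
    return graph

def relational_anomalies(baseline_flows, current_flows, min_new_peers=3):
    """Flag internal sources that gained >= min_new_peers new internal peers."""
    base, cur = build_graph(baseline_flows), build_graph(current_flows)
    findings = []
    for src, peers in cur.items():
        known = base.get(src, set())
        new_internal = {d for d in peers - known if is_internal(d)}
        # Jaccard similarity of peer sets: 1.0 = same neighbours, 0.0 = disjoint
        jaccard = len(peers & known) / len(peers | known)
        if is_internal(src) and len(new_internal) >= min_new_peers:
            findings.append({"src": src,
                             "new_peers": sorted(new_internal),
                             "jaccard": round(jaccard, 2)})
    return sorted(findings, key=lambda f: f["src"])

if __name__ == "__main__":
    for finding in relational_anomalies(BASELINE, CURRENT):
        print(finding)
```

A per-flow rule sees nothing unusual in any single one of these connections; only the change in the source's neighbourhood stands out.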

Saturday, May 3, 2025

Ransomware Rinse & Repeat: Why SMBs Are in the Crosshairs in 2025

 


Ransomware attacks may be declining in volume, but for SMBs, the costs—and the consequences—are only rising. The 2025 Sophos Cybercrime on Main Street report reveals that, of the SMBs impacted:

70% of small business attacks involve ransomware
Over 90% for medium-sized businesses

According to the report, compromised network edge devices, such as firewalls and VPNs, are a common entry point for attackers. With SMEs accounting for 90% of all businesses worldwide and 40% of the US economy, it's crucial to prioritize cybersecurity.

We dig into the latest trends, real-world incidents (Marks & Spencer, Co-op UK), and how platforms like Plixer One deliver the visibility, analytics, and control to break the attack cycle. Let’s talk observability, accountability—and survival.

https://news.sophos.com/en-us/2025/04/16/the-sophos-annual-threat-report-cybercrime-on-main-street-2025/?amp=1
https://www.darkreading.com/cyberattacks-data-breaches/uk-retailers-reeling-ransomware-attacks

Thursday, May 1, 2025

AI Without the Hype: Behavioral Anomaly Detection Explained | Join Us May 6!

 


AI is everywhere these days, and every vendor is claiming magic. But here at Plixer, we’re cutting through the noise. Join Peter Silva and Plixer Data Scientist Adam Howarth for another Tech Talk in our “No-Fluff AI” series—this time on Behavioral Anomaly Detection, happening Tuesday, May 6th at 9AM Pacific.

We’ll go beyond the buzzwords and talk real AI:

✔️ What behavioral anomaly detection actually is
✔️ Why temporal vectors matter
✔️ How Plixer applies it for real-time network visibility
✔️ And of course—real use cases and tangible benefits for your security operations

Last time we covered Graph AI—this time it’s all about how AI learns and responds to changes in network behavior. If you’re serious about advanced detection, this is for you.

💡 Bring your questions. Bring your curiosity.
🗓️ Tuesday, May 6 | 9:00AM PT
🔗 https://plixer.zoom.us/webinar/register/7017453336482/WN_97Flq66yRrabBjlgHOwXsQ#/registration