Trescudo Blog

Explore the latest in cybersecurity with the Trescudo blog. Our experts provide in-depth analysis on threat intelligence, risk management, and compliance challenges in cloud, OT, and endpoint security. Additionally, you can find various guides, briefs and reports under the Resources menu item of our main website - https://trescudo.com
Fluent Bit Cloud Risks & The Espionage Surge

Critical Fluent Bit flaws expose cloud infrastructure. Plus, Russian espionage accelerates with COLDRIVER and npm supply chain attacks.
Ev
Nov 26, 2025
Threat Analysis
Oracle EBS Extortion & Nutanix Ransomware Risks

Oracle EBS zero-days are fueling a massive extortion campaign. Plus, ransomware groups Akira and Helldown pivot to virtualization.
Ev
Nov 22, 2025
Threat Analysis
Kindness, Trust, and Zero-Trust

Human-centered security for EU/NIS2: how kindness, psychological safety, and zero-trust cut MTTR, boost phishing reporting, and strengthen breach communications.
Ev
Nov 12, 2025
Cybersecurity Strategy
Rhysida Malvertising, KEV Patch-Now, EY & Nikkei Breaches

Rhysida fake Teams ads (OysterLoader/Latrodectus), new CISA KEV vulns, EY & Nikkei breaches—actionable takeaways for EU/NIS2 teams.
Ev
Nov 11, 2025
Threat Analysis
STEM to SecOps

Evidence-driven SecOps for EU healthcare: STEM mindset, NIS2 reporting, and 7 metrics (MTTR, restore success, KEV MTTR, supplier SLAs) that protect patients.
Ev
Nov 04, 2025
Compliance & Risk
The Revolutionary Impact of Agentic AI

Agentic AI turns fragmented SOC tools into a unified defence mesh—cutting MTTR, automating playbooks, and producing NIS2/DORA-ready evidence.
Ev
Oct 30, 2025
Products & Solutions
The AI Arms Race

The cybersecurity AI arms race is here. Nation-states and cybercriminals are using AI to supercharge attacks on critical infrastructure. Learn how to fight back with an automated, AI-powered defence.
Ev
Oct 28, 2025
Products & Solutions
AWS Outage Aftermath

Breakdown of the AWS US-EAST-1 DNS incident—timeline, cost modelling, concentration risk, DORA reporting timelines, and a 7-day engineering plan.
Ev
Oct 27, 2025
Threat Analysis
How to Report NIS2 to Your Board

Tired of complex NIS2 compliance reports? Learn the 4 essential, board-ready metrics that translate technical risk (Art. 21/23) into business resilience, covering IR, recovery, and supply chain.
Ev
Oct 21, 2025
Compliance & Risk
Critical Patches & Breaches

Weekly threat analysis (Oct 7–14, 2025): Oracle EBS zero-days, Salesforce leaks, SimonMed breach, GoAnywhere CVE-2025-10035—priority actions for EU/UK teams.
Ev
Oct 15, 2025
Threat Analysis
The Ghost in the Machine - Legacy Systems

Legacy systems are everywhere—and risky. See how patchless protection blocks exploits when you can’t patch—WannaCry lessons, NIS2 obligations, and a modern IR plan.
Ev
Oct 13, 2025
Products & Solutions
The Swedish Catastrophe

The Swedish Catastrophe: A single vendor breach exposed the data of 1.5 million people (15% of Sweden). Learn the urgent lessons on third-party risk and national security.
Ev
Oct 08, 2025
Threat Analysis, Breach Analyses
"Who Had Access?" Can Cost You Millions

After a breach, regulators will ask, "Who had access?" Learn how Privileged Access Management (PAM) provides the definitive answer and protects your business from massive fines.
Ev
Oct 07, 2025
Products & Solutions
Luxury Meets Liability: The Harrods Vendor Breach

Past-week roundup—Cisco ASA zero-days, Harrods data leak, airport disruption updates, ENISA trends, Google Drive ransomware detection.
Ev
Oct 01, 2025
Threat Analysis
Beat the Skills Gap with Automated IAM

Struggling with the cybersecurity skills gap in Europe? Discover why it's an identity problem at its core and how AI-powered JIT access helps secure critical infrastructure (NIS2/GDPR) without needing to hire more staff.
Ev
Sep 30, 2025
Products & Solutions
Weekly Threat Analysis (September 16-23, 2025)

A critical Confluence zero-day and AI voice clone attacks (MFA Bombing) are this week's top threats. Our analysis breaks down these incidents and what they mean for your security posture.
Ev
Sep 24, 2025
Threat Analysis
Airport Cyber Attacks & Incident Response

How airports can strengthen incident response after major cyberattacks—from Bristol FIDS ransomware to Brussels/Heathrow’s 2025 supply-chain outage.
Ev
Sep 22, 2025
Breach Analyses
New Enterprise Attack Vector

Voice assistants like Siri & Alexa are a new enterprise attack vector. Our analysis covers the "Dolphin Attack," malicious skills, and a CISO playbook for this emerging threat.
Ev
Sep 19, 2025
Cybersecurity Strategy
Weekly Threat Analysis (Sep 9–16, 2025)

JLR production halt, critical VMware vCenter flaws, and a surge in QR-code phishing. See what your threat detection must catch—and what to fix in 48 hours.
Ev
Sep 16, 2025
Threat Analysis
FEMA Cybersecurity Case Study

A deep-dive into the FEMA cybersecurity scandal. Discover the 'four embarrassing failures' that led to a mass firing and the urgent lessons for government agencies worldwide.
Ev
Sep 15, 2025
Breach Analyses
The Jaguar Land Rover Breach

Analysis of the Jaguar Land Rover breach, a stark lesson in cybersecurity governance. See how the attack shut down assembly lines, costing millions daily, and the implications for NIS2.
Ev
Sep 11, 2025
Breach Analyses
Weekly Threat Analysis (September 2-9, 2025)

Trescudo's analysis of the Salesloft supply chain breach & Sitecore zero-day. Learn the lessons from this week's top cyber threats for Benelux businesses under NIS2.
Ev
Sep 10, 2025
Threat Analysis
The Whopper of All Vulnerabilities

Analysis of the Burger King hack. Discover how a Broken Object Level Authorisation (BOLA) flaw in their API exposed customer data and what it teaches us about app security.
Ev
Sep 08, 2025
Breach Analyses
NIST CSF's Blueprint for AI Security

NIST's new concept paper outlines a framework for AI security using the NIST CSF. Discover the new AI attack surface and the gold standard for securing your innovative assets.
Ev
Sep 08, 2025
Products & Solutions
Anatomy of a Healthcare Breach

Deep-dive analysis of the Dutch cervical cancer screening breach. Trescudo covers the third-party risk, Nova RaaS tactics, and the lessons for Benelux businesses.
Ev
Sep 02, 2025
Breach Analyses
What Your Threat Detection Must Catch

This week: Nevada ransomware, TransUnion 4.4M breach, Citrix NetScaler zero-day, and WhatsApp zero-click—plus a 48-hour threat detection plan.
Ev
Sep 01, 2025
Threat Analysis
Weekly Threat Analysis (Aug 19–26, 2025)

Weekly threat analysis: Orange Belgium breach, OAuth/Salesforce campaign, Cisco FMC CVE-2025-20265, Apple zero-day—plus a 48-hour CISO playbook and hunt tips.
Ev
Aug 26, 2025
Threat Analysis
Threat Analysis: The Triple Threat Landscape

Benelux threat detection briefing: Orange Belgium breach, Russian “Static Tundra” Cisco exploits, and an Apple zero‑day—actions boards can take in 48 hours.
Ev
Aug 22, 2025
Threat Analysis
Cybersecurity History

From a college prank that shut down the internet to AI-powered defences, discover the fascinating history of cybersecurity and what it means for your business today.
Ev
Aug 21, 2025
Dutch Cervical Cancer Screening Breach (2025)

Nearly 485,000 women affected in a Dutch cervical screening data breach tied to a lab supplier. What was exposed, timeline, GDPR/NIS2 angle, and next steps.
Ev
Aug 11, 2025
Breach Analyses
WinRAR Zero-Day Exploited by RomCom

RomCom (Storm-0978) weaponised a WinRAR zero-day to plant backdoors. See TTPs, NIS2 exposure, and a patch-first detection plan tailored for Benelux teams.
Ev
Aug 11, 2025
Threat Analysis
Air France–KLM Data Breach 2025

Learn how the Air France KLM data breach exposed loyalty data via a third-party SaaS, the GDPR/NIS2 penalties, and 7 steps Benelux CISOs must take now.
Ev
Aug 07, 2025
Breach Analyses
NIS2 vs. NIST CSF

Compare NIS2 and NIST CSF for IT Security Benelux leaders. See overlap, gaps, fines, and a 5-step decision guide for sustainable cyber-resilience.
Ev
Aug 06, 2025
Compliance & Risk
Plague PAM Backdoor

The new Plague PAM backdoor evaded AV for a year. Learn its TTPs, IOC list and a threat-detection blueprint to secure your Linux servers in 2025.
Ev
Aug 04, 2025
Breach Analyses
Salt Typhoon Hits Orange

French telecom Orange S.A. suffered a Salt Typhoon APT attack on 25 July 2025. Learn the TTPs, business impact, NIS2/DORA exposure and concrete defence steps.
Ev
Jul 30, 2025
Breach Analyses
The Human Perimeter

Clorox lost $380 M when hackers duped a help‑desk agent. Discover how human error, not malware, drives breaches—and how to fortify your human perimeter.
Ev
Jul 29, 2025
Breach Analyses
SharePoint Under Siege

A critical SharePoint vulnerability (CVE-2025-53770) is here. Learn why a "patch-and-pray" strategy is not enough and how to build true cyber resilience.
Ev
Jul 22, 2025
Breach Analyses
Data Security: AI Personas

What if the person you're talking to isn't real? Discover how AI personas create new insider threats and why Data Security with DLP and XDR is your best defence.
Ev
Jul 19, 2025
Cybersecurity Strategy
The Digital Honey Trap

A romance scam can turn a trusted employee into an insider threat. Learn how the 'Digital Honey Trap' works and how DLP, XDR, and Zero Trust can protect your data.
Ev
Jul 16, 2025
Products & Solutions
Zero‑Trust Security Architecture

Learn how zero‑trust security architecture, micro‑segmentation and identity‑centric security stop lateral movement, meet DORA/NIS2, and cut breach costs by 40 %.
Ev
Jul 15, 2025
Cybersecurity Strategy
Mastering Risk Management

In uncertain times, mastering cyber risk is key. This guide offers four essential strategies for resilience, from understanding your attack surface to incident response.
Ev
Jul 15, 2025
Compliance & Risk