Last week, ENISA released its Threat Landscape 2025.

It offers a detailed look at how Europe’s cyber ecosystem is evolving. The picture that emerges shows growing strain, where interconnected systems and persistent threats keep testing resilience.

Among the developments: faketivism blurring lines between actors, phishing services lowering barriers, and AI reshaping how attacks unfold.

📄 Read the report here: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2025

🔐 New #blogpost

At H2, we recently moved from authenticator apps to #YubiKey (FIDO2) for company-wide MFA in Entra ID.

Why? Because it enables phishing-resistant, passwordless sign-ins at scale, raising the bar for our security.

But this move didn't come without its challenges. Read about our journey here: https://www.huntandhackett.com/blog/raising-security-with-yubikey

Cyber espionage reaches far beyond governments, it impacts more organisations than you think.

At our next CyberConnect on Sept 9 in The Hague, we’ll share real investigations, explain why even low-profile orgs are targeted, and give a live demo on tracking campaigns.

Seats are limited. Sign up today: https://www.huntandhackett.com/understanding-cyber-espionage

#CyberSecurity #ThreatIntelligence #CyberEspionage

⚠️ The Hacker News just spotlighted a growing threat: SEO poisoning campaigns delivering malware through fake tool websites.

Attackers are mimicking trusted apps like PuTTY, Zoom, and ChatGPT, pushing them high in search results. Over 8,500 SMB users were targeted in just four months.

The article breaks it down clearly. If you haven’t read it yet, it’s worth your time.

Read it here: https://thehackernews.com/2025/07/seo-poisoning-campaign-targets-8500.html

👤Threat Actor Profile: Sandworm

Linked to Russia’s GRU and active in 60+ countries, Sandworm targets critical infrastructure with sabotage, espionage, and disruption. 🇷🇺

🔗 Curious to learn more about this APT? Explore their threat profile in our Members' Portal: https://www.huntandhackett.com/members/actors/sandworm

🔗 Not a Member yet? Sign-up today: https://www.huntandhackett.com/members/register

🚨New #blogpost: This week we're unpacking our journey of using open-source software to build an innovative cloud-based IR lab from scratch, highlighting key obstacles we encountered along the road and explaining how we transformed these into opportunities.

We share:
🔶 Velociraptor + Dissect hiccups;
🔶 Misinterpretation of IPv6 addresses in Linux UTMP logs;
🔶 Enhancing Timesketch for large scale investigations.

🔗 https://www.huntandhackett.com/blog/turning-incident-response-challenges-into-scalable-solutions

Launching #DetectionsFromTheSOC 🚀

We're excited to announce our new series, 𝘋𝘦𝘵𝘦𝘤𝘵𝘪𝘰𝘯𝘴 𝘧𝘳𝘰𝘮 𝘵𝘩𝘦 𝘚𝘖𝘊, in which we share a behind-the-scenes look of how our SOC detects, investigates, and responds to real-world threats.

Case #1: Infostealer via fake CAPTCHA

We intercepted an attack where the intruder didn’t break in, but logged in. The entry point? A fake “I’m not a robot” CAPTCHA prompt.

👉 Want to read the full story? Head on over to our LinkedIn to check it out: https://www.linkedin.com/feed/update/urn:li:activity:7336321179005165568

🎤 We’re proud to sponsor and speak at Hague TIX on June 10!

The event is a focused gathering of Europe’s top threat intelligence minds.

We'll explore Europe’s path to cyber resilience and strategic autonomy, and dive into Lazarus and SeaTurtle operations in the Netherlands.

#CyberSecurity #ThreatIntel #HagueTIX #APT

Our next CyberConnect session is coming up: Security in Motion!

In this session, tailored for security, IT, and risk professionals, we explore how changing geopolitical dynamics, growing technological dependencies, and new attack techniques are raising the bar for digital resilience.

Visit our website for more information, and to sign-up: https://www.huntandhackett.com/security-in-beweging

🚨 New blog!

In it, we dive into reverse-engineering AFD.sys (a hidden part of Windows networking) to surface live socket data from other processes. This unlocks new capabilities for forensics, debugging, and reverse engineering.

📃 Read it here: https://www.huntandhackett.com/blog/improving_afd_socket_visibility

🔧 Explore our tool: https://github.com/huntandhackett/AfdSocketViewer

We've updated our threat landscape on the logistics sector 🚛

On it, you'll find detailed actor overviews, analyses of recent cyberattacks in the logistics sector, and insights into emerging cybersecurity trends.

Curious? Take a look: https://www.huntandhackett.com/members/sectors/logistics

Als advocaat ben je vaak het eerste aanspreekpunt bij een cyberincident. Maar hoe zorg je dat jouw cliënt meteen de juiste stappen zet? En hoe werk je optimaal samen met technische experts onder tijdsdruk?

Op 16 mei organiseren we een interactieve workshop voor advocaten die cliënten adviseren op het gebied van privacy, informatiebeveiliging en incident response waarin we praktische kennis over digitale hygiëne combineren met onze ervaringen uit het veld.

Sign-up: https://www.huntandhackett.com/crisisworkshop-advocaten

𝐉𝐨𝐢𝐧 𝐮𝐬 𝐚𝐭 𝐆𝐨𝐨𝐠𝐥𝐞 𝐀𝐦𝐬𝐭𝐞𝐫𝐝𝐚𝐦 𝐟𝐨𝐫 𝐨𝐮𝐫 𝐮𝐩𝐜𝐨𝐦𝐢𝐧𝐠 𝐬𝐞𝐬𝐬𝐢𝐨𝐧:
Securing Operational Technology: Fast Response, Strong Recovery

𝘞𝘩𝘢𝘵 𝘩𝘢𝘱𝘱𝘦𝘯𝘴 𝘸𝘩𝘦𝘯 𝘵𝘩𝘦 𝘴𝘺𝘴𝘵𝘦𝘮𝘴 𝘺𝘰𝘶 𝘳𝘦𝘭𝘺 𝘰𝘯 𝘦𝘷𝘦𝘳𝘺 𝘥𝘢𝘺 𝘴𝘶𝘥𝘥𝘦𝘯𝘭𝘺 𝘴𝘵𝘰𝘱 𝘸𝘰𝘳𝘬𝘪𝘯𝘨?

Together with Xebia, we’re hosting a session on how to boost operational resilience, secure OT environments, and align with evolving regulations.

Sign-up here: https://www.huntandhackett.com/securing-ot

Yesterday, our security experts discussed the evolving threat landscape around the upcoming NATO summit in The Hague.

A great opportunity to highlight cyber threats beyond the traditional security community; cross-domain awareness is key in today’s threat landscape.

Our hunters tackled the 44th edition NN Marathon Rotterdam! 🏁

Their legs might be sore today, but the bliss of victory was more than worth it. After all, every win starts with a challenge.

Huge respect to everyone who took on #demooiste with us. See you at the next one.

New #blog post! A collaboration between Xebia and Hunt & Hackett ⚔️

As businesses become more interconnected, Operational Technology (OT) is increasingly targeted by cyber threats. In this blog, we explore OT security and raise awareness about its growing risks.

Read the full blog here: https://www.huntandhackett.com/blog/evolving-threat-of-ot

Excited to share our 2025 Trend Report, which explores key themes shaping the cybersecurity landscape in the year ahead.

We investigate:
👉 The #cybercrime economy and the rise of Business Email Compromise
👉 The impact of #GenAI and the hype surrounding it
👉 The increasing sophistication of #nationstate threats
👉 Opportunities, challenges and risks of the #NIS2 Directive

Huge thanks to our expert contributors for sharing their insights!

Download the report here: https://www.huntandhackett.com/2025-trend-report

🚜 𝐖𝐞’𝐯𝐞 𝐔𝐩𝐝𝐚𝐭𝐞𝐝 𝐨𝐮𝐫 𝐓𝐡𝐫𝐞𝐚𝐭 𝐋𝐚𝐧𝐝𝐬𝐜𝐚𝐩𝐞 𝐨𝐧 𝐭𝐡𝐞 𝐀𝐠𝐫𝐢𝐜𝐮𝐥𝐭𝐮𝐫𝐞 𝐒𝐞𝐜𝐭𝐨𝐫 🌱

The Netherlands is a global leader in #Agriculture, driving innovation and shaping the future of farming. But with this leadership comes increased #cyber risk. To help you stay ahead, we’ve updated our threat landscape on the Agriculture sector.

🔗 Explore it here: https://www.huntandhackett.com/threats/sectors/agriculture

Want to dive deeper? Our full, in-depth insights are available exclusively in our MemberPortal. 🔐

🚨Dutch universities are increasingly targeted by cybercriminals, but many still lack fundamental security protections.

In an interview with De Telegraaf, Hunt & Hackett co-founder Ronald Prins highlighted the risks of poor threat detection and the urgent need for proactive security measures. Without continuous monitoring, cyberattacks go unnoticed for too long.

Read the article here ➡️ https://www.telegraaf.nl/nieuws/295152965/universiteiten-kwetsbaar-voor-cyberaanvallen-bevinden-ons-in-kennisoorlog

While TU Eindhoven works on mitigating the incident, it’s worth asking: how do we ensure that institutions leading in innovation can continue to do so securely? Are we doing enough to protect the data and research that drive progress? Or how can we help, let us know!

Find out more about how different threat actors operate and the evolving threat landscape by visiting our member portal.

Become a member: https://www.huntandhackett.com/members/register

Direct (member) link: https://www.huntandhackett.com/_hcms/mem/login?redirect_url=https%3A%2F%2Fwww.huntandhackett.com%2Fmembers%2Factors%2Fapt29

6/🧵