Unsecured Database Exposes 184 Million Login Credentials: A Wake-Up Call for Cybersecurity

Discovery Highlights Common Data Handling Gaps

In May 2025, cybersecurity researcher Jeremiah Fowler identified an unsecured ElasticSearch database that had been left publicly accessible. The dataset included over 184 million records, many containing usernames and plaintext passwords associated with popular platforms such as Apple, Google, Facebook, and Microsoft. While there is no confirmation that this data has been actively exploited, the discovery underscores the ongoing need to review how credentials are managed, stored, and potentially aggregated without oversight.

What Was Found

The database entries included an ID tag indicating the type of account, the associated URL, and plaintext credentials. The use of the Portuguese word "Senha" for "password" may point to the original source or intended users of the system. A small sample of 10,000 records showed the following:

Facebook: 479
Google: 475
Instagram: 240
Roblox: 227
Discord: 209
Additional records from Microsoft, Netflix, PayPal, Apple, Amazon, and others

A…

Industrial Security Reimagined: MSOC with Brains, Not Just Alarms

Most industrial networks aren't taken down by ransomware. They fall because no one's watching the protocols that matter: the ENIP chatter between PLCs, the CIP commands altering logic, the silent changes that don't set off antivirus but still shut down production. That's why Critical Path Security built its Managed Security Operations Center (MSOC) offering around one principle: You can't defend what you can't see. And now, powered by the Léargas Security platform, our MSOC provides not just visibility, but AI-enriched analytics, real-time behavioral monitoring, and a purpose-built MDR stack designed specifically for OT and ICS environments.

Real Detection in the Field: AI + ACID in Action

Last week, our team caught what others missed. During our real-time analysis of a mid-sized manufacturing client, our MSOC detected an unauthorized CIP Write Request (0x4D), a command type typically reserved for changes to programmable logic. Detection wasn't luck. It was a combination of three key layers:…

Nation-State-Linked Cyberattack Breaches ConnectWise ScreenConnect Instances

Executive Summary

On May 29, 2025, ConnectWise publicly disclosed a cybersecurity breach targeting its ScreenConnect remote access platform. The attack, attributed to a sophisticated nation-state threat actor, compromised a limited number of customer environments. ConnectWise has since engaged cybersecurity firm Mandiant, implemented network hardening, and has not observed further suspicious activity. This incident underscores the persistent targeting of Managed Service Providers (MSPs) and their tools by advanced adversaries, with potential implications across multiple customer environments and critical infrastructure sectors.

Incident Overview

Impacted Organization: ConnectWise, a provider of IT management and remote access tools, including ScreenConnect.
Date of Disclosure: May 29, 2025
Type of Incident: Cyberattack linked to a nation-state threat actor
Impacted System: Cloud-hosted instances of ScreenConnect
Discovery: The breach was discovered internally by ConnectWise, prompting an immediate investigation in collaboration with Mandiant.

Technical Details

Suspected Attack Vector: While ConnectWise has not confirmed the exploit used, the security community has pointed to the possible use of…

Why an MSOC Isn’t Optional Anymore: Executive Guidance for Modern Security

Collecting logs isn't security. And having a tool doesn't mean you're protected. What matters is what you do with that information, and how fast you act on it. The Implementing SIEM and SOAR Platforms: Executive Guidance makes it clear: visibility without intelligence is noise. Automation without expertise is dangerous. SIEM and SOAR systems only provide value when they're properly implemented, expertly tuned, and continuously managed. That's where Critical Path Security's Managed Security Operations Center (MSOC) steps in, powered by our AI-driven enrichment engine and the Léargas XDR platform.

What Our MSOC Does Differently

24/7 Threat Monitoring: We continuously monitor your systems using battle-tested detection logic and threat intelligence, so you don't miss critical alerts while your team sleeps.
AI-Powered Enrichment with MCP Servers: Our Multi-modal Command Processor (MCP) servers provide deep enrichment, cross-log correlation, and narrative-driven alerting, which dramatically reduce investigation time and analyst fatigue.
Integrated Léargas XDR: With Léargas XDR, visibility spans across endpoints, identities,…
