
CERT-In SBOM Guidelines 2025: What Fintech Companies Must Know

UPI fraud spiked 85% in FY 2024, reaching ₹1,087 crore. Most of it traced back to vulnerabilities in third-party APIs and unpatched components that fintechs didn’t know they were running. As such, in July 2025, CERT-In released SBOM Guidelines 2.0, making Software Bills of Materials mandatory for all government, public, and essential services organizations, while encouraging others to adopt them as best practice. For CTOs and CISOs, the message is direct.

[Cybersecurity Awareness Month]: Keeping Enkryptor at Bay: How We All Can Help Beat Back Ransomware

Ransomware is the gift that keeps on giving… and taking. I’ve been tracking ransomware for almost nine years now, and I’ve seen it progress from simple and annoying malware to an organization-ending threat for many. I’m not big on pushing FUD (Fear, Uncertainty and Doubt), so when I say that it is one of the biggest cyberthreats to organizations in the small and medium-sized business space, I am not exaggerating.

Half of Young People in the UK Cite Non-Consensual Deepfakes as a Top Fear

A new survey found that 50% of UK residents aged 16 to 34 cite deepfake nudes as their top worry related to AI technology, SecurityBrief reports. The survey, published by VerifyLabs, found that 35% of Brits across all age groups said sexualized deepfakes of themselves or their children were their top concern. “The study indicated that more than one in three respondents (36%) are also worried about the impact deepfakes could have on their family and friends,” SecurityBrief writes.

Netwrix Innovation Week: ITDR Innovations - New Advances to Protect Against Identity Threats

Attackers are targeting Active Directory Certificate Services misconfigurations to impersonate admins. Netwrix is closing this gap with monitoring and blocking of suspicious certificate enrollments, easier access to security insights through MCP servers, and real-world validation via Bugcrowd. These innovations advance identity-first security and reduce organizational risk.

Two Tools, One Strategy: Pairing Vulnerability Scanning and Pen Testing for Maximum Protection

Penetration Testing and Managed Vulnerability Scanning (MVS) are often mentioned in the same breath, yet their true value emerges when they are combined. Each plays a distinct role in building a strong Offensive Security program, and together they form a powerful foundation for reducing risk and improving resilience. However, it is common for those not fully immersed in cybersecurity practices to either confuse or conflate these two practices.

Digital Resilience for State and Local Governments (Part Two)

In the first part of our series, we examined the challenges facing state and local governments as they work to secure and maintain the availability of increasingly complex digital systems. Today, we turn our focus to how collaboration—powered by shared data platforms like Splunk—can enhance incident response and overall digital resilience.

Outsource Your DPO: Cut Compliance Costs by 70%

The General Data Protection Regulation (GDPR) and the UK’s Data Protection Act 2018 (DPA 18) have transformed how businesses must handle personal data. With fines of up to €20 million or 4% of global annual turnover for non-compliance, organisations cannot afford to take data protection lightly. The law firm DLA Piper reports that by January 2025 the total fines across Europe since GDPR came into force stood at €5.88 billion.

The Rise of AI Abuse: A Story of Criminal GPTs, DeepFakes, Data Breaches, AI Malware, and Agentic Sleeper Agents

In late 2022, AI exploded into the mainstream with OpenAI’s ChatGPT, starting an AI-fuelled shift in both everyday life and the cyber threat landscape. Just as quickly as everyday users rushed to adopt the technology, so did threat actors. From generating phishing pretexts to writing malware and crafting deepfakes, AI systems have become both a new tool and a new target.