Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

If you’ve been in digital assets long enough, you’ve felt the shift—from experimentation to execution. Banks, custodians, exchanges, and fintechs have laid the groundwork for a new financial ecosystem; one that can support the scale, compliance, and interoperability demands of global finance. But that isn’t just about where assets are stored. If you’re still treating custody as an endpoint rather than a gateway, that’s a problem.

Federal agencies are moving fast to unlock AI's potential—from improving citizen services to driving mission outcomes. But with all that innovation comes a new wave of complexity and risk. Security, trust, and transparency can’t be afterthoughts. They need to be part of the build and AI adoption process from day one. AI-driven development is exponentially increasing both code speed and code insecurity, as AI generates code with up to 40% more vulnerabilities than human developers.

Apple has now stopped signing iOS 18.5, now that it publicly released iOS 18.6 on July 29, 2025. Although this seems like a mundane decision, it holds important consequences, especially for power users, developers, and security researchers. For iOS 18.6 owners, downgrading to iOS 18.5 is no longer an option, baked into the way Apple has stopped signing iOS 18.5. Apple’s refusal to sign older versions makes any problem regarding restoring, installing, or downgrading to iOS 18.5 impossible.

Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE) has suffered two critical vulnerabilities CVE‑2025‑54253 and CVE‑2025‑54254 disclosed in early August 2025. According to Adobe, both flaws carry public proof-of-concept (PoC) exploits, though there are no known in-the-wild attacks as of today.

Lawyers and law firms are slowly seeking the benefits of cloud storage to help manage client data, share files securely, and keep important data backed up. In 2024, approximately 75% of attorneys used cloud storage for work-related tasks, up 6% from 2023. So, as lawyers start to adopt cloud storage, they may be wondering what the most secure cloud storage is for law firms.

Shlomi Kushchi is a seasoned system architect at Jit.io, specializing in building security solutions for dev organizations. With extensive experience in cloud computing and event-driven, microservices architecture, he empowers developers to master advanced technologies. Security experts dedicated to shaping insightful editorial content, guiding developers and organizations toward secure cloud app development. Dive into a wealth of knowledge and experience in fortifying software integrity.

I hear about a ton of similar-sounding scam calls, where the scammer is pretending to be from a service you use (or used), offering you a substantial monthly discount (30% or more) if you pay some fee ahead of time. Sometimes they take the advance fee using your credit card, and sometimes they tell you that you have to get store gift cards. Who would possibly believe that a legitimate vendor would want them to pay with store gift cards? Hundreds of thousands of people.

The FBI has issued an advisory warning that scammers are distributing QR code phishing (quishing) links via unsolicited packages sent by snail mail. Recipients may scan the code to find out where the package came from, which will land them on a phishing page. This is a variation of a “brushing scam,” where unscrupulous vendors send packages designed to harvest information that can be used in phony positive reviews.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Broadcom issues again…

‘Plague’ represents a newly identified Linux backdoor that has quietly evaded detection by traditional antivirus solutions for over a year. Its primary mechanism involves operating as a malicious PAM, allowing attackers to silently bypass system authentication and establish persistent SSH access to compromised Linux systems.