Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Autonomous agents are changing the way we think about security. Not in the distant future, right now. These systems (intelligent, self-directed, and capable of making decisions) are starting to play an active role in the SOC. They’re not only collecting data; they’re analyzing it, correlating alerts, prioritizing risks, and even initiating response actions. This is Agentic AI, and it makes people nervous. In security, autonomy often gets mistaken for loss of control.

Code reuse has become a foundational practice in modern software development. Some estimates suggest that over 80% of developers today re-use existing code, rather than writing code from scratch, when building software applications. This trend is largely due to the open-source movement, as one might call it. There exists a massive, ever-growing public repository of open-source libraries, frameworks, and components.

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

PCI DSS 4.0 introduces explicit controls for managing client-side scripts on payment pages — a common target for digital skimming, Magecart, and formjacking attacks.

In 2024, Vanta’s State of Trust Report found that cybersecurity threats were the number one concern for Australian organisations. To mitigate such threats, the Australian Prudential Regulatory Authority (APRA) developed CPS 234—a robust security framework that all APRA-regulated entities must implement. ‍ CPS 234 addresses virtually all aspects of an entity’s security infrastructure, so implementation can be challenging without guidance.

This past month, the Vanta team launched new features to help you: ‍

It’s a well-known fact that threat actors use stolen personal data for many purposes ranging from launching phishing attacks, gaining access to an employer, or very commonly using credit card information to make purchases. What has also become somewhat common in the last eight or so years is using stolen information to support grander illegal enterprises like supplying air and hotel travel at heavily reduced prices via dark web travel agencies.

Dark web travel agencies have emerged as one of the more sophisticated and lucrative operations within the underground economy. As mentioned in the Wall Street Journal's coverage of Trustwave’s research, these shadowy enterprises offer dramatically discounted flights, luxury hotel stays, rental vehicles, and entire vacation packages, all facilitated through stolen credit card information, compromised loyalty program accounts, and forged identification documents.

In today’s digital landscape, where cyber threats grow more sophisticated and frequent, organizations must prioritize robust strategies to protect their critical assets—data, systems, and networks. Asset risk mitigation is a cornerstone of cybersecurity, involving the identification, assessment, and management of risks to these valuable resources. Two primary approaches dominate this field: proactive and reactive risk mitigation.