Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We’re excited to share new updates and enhancements for April, including: For more information on these updates and others, please read the complete list below and follow the links for more detailed articles.

Banking & Financial Services (BFS) firms are shouldering a uniquely heavy share of the global threat load. The newly released Indusface State of Application Security 2025 study paints a stark picture: Why the laser focuses on finance? Strict regulations mean banks generally run strong perimeters, so adversaries pivot to bots, API abuse, and nuanced business-logic exploits that slip past ‘default’ defences.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! With M&S last week attacked (and still dealing with it) we have another major store go down.

This blog covers five strategies that work to prevent privilege escalation and protect your organization’s critical assets. You’ll learn about ways to improve your security – from better authentication protocols to securing Active Directory. We’ll show you useful steps to lift your security stance against these ongoing threats using advanced monitoring tools like Fidelis Elevate XDR platform.

Technical leaders and risk management professionals are frequently confronted with the challenge of transitioning from outdated, manual methods towards scalable, automated solutions in the dynamic landscape of modern risk management. The evolution from traditional spreadsheet-based risk registers to contemporary programmatic risk registers epitomizes this shift.

If your organization is considering a threat detection solution, chances are good that you are wondering about EDR vs. MDR. The constant evolution of the cybersecurity marketplace can make it difficult for organizations to understand the differences and capabilities between different types of security offerings.

Threat actors use real-time deepfakes to achieve access, ToyMaker IAB works with double extortion gangs, and state-sponsored hackers use the ClickFix social engineering tactic.

With the growing adoption of automated build pipelines, the ionCube Encoder CI Edition offers a tailored solution for developers needing flexible, temporary machine licensing within their CI/CD workflows. The CI Edition is ideal for use in ephemeral environments like Docker containers or cloud-based runners, allowing encoding operations to occur seamlessly as part of your integration process. If you’re not yet familiar with this product, our FAQ entry provides a concise overview.

Cross Site Scripting (XSS) is a very serious kind of security issue saying that they target websites as well as the users who are using them. To put it simply, XSS attacks means that a hacker was able to inject malicious scripts into a website. These scripts would then run in the user's browser, many a time without the user knowing about it. Most commonly, these attacks are aimed at stealing some sensitive information, impersonating the user, or just playing around with how the website looks or behaves.