AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic

Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes introduces risks that, without proper API security, can compromise sensitive data and decision-making.

How Crypto Companies Can Break the Breach Cycle

In February of 2025, North Korean state-backed cybercriminals stole over $1.9 billion from a popular crypto exchange. That's a mind-boggling amount of money, let alone from a breach. But here's the craziest part: it was excruciatingly simple. In short, it went down like this: an engineer was phished, attackers located static API keys — and just like that, attackers had direct access to critical cloud resources. Static credentials strike again.

Introducing the Mend.io Value Dashboard: Measure and Showcase Your Security Impact

Security teams today face increasing pressure to quantify the effectiveness of their application security programs. Whether it’s justifying security investments to leadership or demonstrating compliance with regulations like PCI DSS, HIPAA, and GDPR, teams struggle to showcase the real impact of their security efforts. Without clear, actionable data, proving that an AppSec program is actively reducing risk becomes a challenge. That changes today.

The founder's guide to accelerating growth with compliance in ANZ

For founders of early-stage startups in Australia and New Zealand, growth is the ultimate goal. You’re focused on building an exceptional product, winning customers, and scaling fast. But one thing that should also be on your radar is security compliance. The reality is, compliance isn’t just about meeting legal requirements or ticking a box when an enterprise customer asks for certifications. It’s a strategic advantage.

Remediation Made Easy: Reducing Risks and Driving Vendor Action

Managing the vendor remediation process is no small feat. While on the surface, it might seem like the bulk of the heavy lifting is done once you complete your initial assessment, you (and every other security team on the planet) know this couldn’t be further from the truth. After all, if your team doesn’t constantly track remediation efforts and validate corrective actions, how else are you supposed to ensure vendors effectively mitigate the risks you identified?

Corporate Security Trends: How S&P 500 Companies Stay Secure

Staying on top of corporate security trends may seem like a hassle, but it actually has great benefits for your organization. Understanding security trends helps businesses benchmark their performance—including within their specific industry—and strengthen their security posture to align with the best performers.

Amount of Money Requested In BEC Attacks Nearly Doubled in Q4 2024

The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group’s (APWG’s) latest report. This is nearly double the amount requested during Q3 2024. The researchers found that Gmail accounts were used to launch 81 percent of BEC scams last quarter. The report also warns of a surge in SMS phishing scams impersonating toll operators in the US, driven by a popular Chinese phishing kit.

Bringing Data Privacy and Cyber Insurance Together with Bitsight

The cyber insurance industry continues to face challenges related to traditional cyber security risks, and more recently, data privacy risks. In many cases, traditional cyber insurance policies may cover legal fees or costs related to a data privacy infringement. Organizations not only get hit with class action lawsuits following incidents like breach of PII/PHI, but are seeing demand letters from law firms who are looking to protect their clients from any possible disclosure of their sensitive data.