Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Formjacking involves malicious code injected into payment forms that captures credit card data during transactions. The form functions normally, the payment completes, and nothing unusual appears in server logs. This happens in the browser, outside the reach of traditional server-side security controls. PCI DSS 4.0 requirements 6.4.3 and 11.6.1 extend compliance to the client side to address this.

Security teams don’t struggle to find exposures – they struggle to fix them. The new Seemplicity AI Agents change that. Integrated into the Exposure Action Platform, they combine intelligence and automation to help teams move faster, stay aligned, and reduce risk. From clear findings and ownership mapping to guided fixes and executive insights, Seemplicity’s AI Agents make exposure management truly action-driven.

To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA). For our complete coverage, please see: Cybersecurity Awareness Month 2025: The Value of MSSPs and Cybersecurity Awareness Month 2025: 4 Steps to Build a Cyber Strong America.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! We all love a good site scan right?

When people talk about securing software, they typically refer to two distinct aspects. The code itself, or the servers it runs on. That makes sense. Those are the most visible parts. But what actually holds everything together isn’t either of those. It’s the pipeline in between the system that moves code from an idea in a developer’s head to something running in production. CI/CD pipeline can be easy to overlook because it often feels invisible.

In today's rapidly evolving cybersecurity landscape, organizations face unprecedented challenges. Cyber threats are not only increasing in volume but are also becoming more sophisticated and evasive, using AI themselves to enhance their attacks. The attack surface has expanded dramatically, while Security Operations Centers (SOCs) are often left with fewer resources to combat these growing threats.

In the ever-escalating battle against cyber threats, security teams are often caught in a deluge of alerts, struggling to distinguish real threats from the noise. The sheer volume of threat data can be overwhelming, leading to alert fatigue and, worse, missed detections. But what if you could really cut through the clutter and focus on what truly matters?

The Internet is in the midst of one of the most complex transitions in its history: the migration to post-quantum (PQ) cryptography. Making a system safe against quantum attackers isn't just a matter of replacing elliptic curves and RSA with PQ alternatives, such as ML-KEM and ML-DSA. These algorithms have higher costs than their classical counterparts, making them unsuitable as drop-in replacements in many situations.

The way we interact with the Internet is changing. Not long ago, ordering a pizza meant visiting a website, clicking through menus, and entering your payment details. Soon, you might just ask your phone to order a pizza that matches your preferences. A program on your device or on a remote server, which we call an AI agent, would visit the website and orchestrate the necessary steps on your behalf.

As bots and agents start cryptographically signing their requests, there is a growing need for website operators to learn public keys as they are setting up their service. I might be able to find the public key material for well-known fetchers and crawlers, but what about the next 1,000 or next 1,000,000? And how do I find their public key material in order to verify that they are who they say they are? This problem is called discovery.