Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI DSS 4.0.1 became mandatory on March 31, 2025, bringing in 47 new requirements that fundamentally changed how compliance works. Organizations that treated PCI as an annual audit exercise now face a standard that expects real-time visibility into payment pages. Requirements 6.4.3 and 11.6.1 are the most impactful additions, which require real-time visibility into scripts and payment page changes. A spreadsheet updated quarterly can’t deliver that.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Ouch. Really ouch. Just a hop and a skip away: I suppose it is fair to point out that you need physical access to perform this. Hard, but not impossible: A win is a win.

Stripe OLT has achieved the Microsoft Cloud Security Specialisation, strengthening our position as one of the UK’s leading IT and Cyber Security providers. This certification – as well as our prior Microsoft Threat Protection Advanced Specialization certification – demonstrates our proven expertise in securing cloud environments with Microsoft’s advanced security tools.

Securing your applications couldn’t be more important in today’s fast-moving world of software development. Organizations face mounting pressure to deliver innovative software at an accelerated pace, yet this speed must never compromise security. This is where DevSecOps becomes crucial. With threats constantly getting smarter, developers need effective tools to write secure code right from the start.

We’re thrilled to share that Zenity is included in the unveiling of the Microsoft Security Store Partner Ecosystem. The Security Store is a new marketplace offering from Microsoft that brings together trusted, curated security solutions and AI agents to help organizations navigate the evolving landscape of cybersecurity in the age of AI. The Microsoft Security Store is a strategic leap forward in how security teams discover, deploy, and operationalize technologies that protect their environments.

GitHub is hardening npm publishing rules but the underlying lessons can be applied by all developers: WebAuthn for writes, OIDC, and short-lived least-privilege credentials.

Now introducing task management for Cases!

We’re thrilled to announce that Vanta has signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to make it even easier for businesses to scale securely in the cloud. We’re expanding the reach of our compliance automation and trust management platform, enabling organizations to build stronger security programs, accelerate audit readiness, and demonstrate compliance more efficiently—all while scaling on AWS. ‍

As AI adoption grows, so do the related risks. Organizations are actively looking for strategies to secure their AI systems. According to Vanta’s State of Trust Report, 62% of organizations plan to boost investments in AI security in the next 12 months. ‍ However, another recent survey on AI governance reveals that more than half of organizations find it challenging to keep up with AI security developments.

The threat groups Qilin and Akira together conducted about one-quarter of the 402 ransomware attacks tracked by Trustwave SpiderLabs in September, with the manufacturing and technology sectors receiving the brunt of these efforts. This information was derived from a new SpiderLabs ransomware tracking tool that gathers information from a variety of open intelligence sources and our own proprietary research.