Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This summer has been big for Nightfall. From launching Nyx, our AI copilot for DLP, to expanding our detection capabilities across more platforms, we’re making it easier than ever for security teams to protect sensitive data without slowing down work. In this update, you’ll find new AI-driven features and platform enhancements designed to make your DLP workflows smarter, faster, and more precise.

Driving along on a dark highway late at night, you feel a jolt and hear a metallic crushing sound as your car hits an unknown object in the road. You nervously continue on your journey, until you see a bright light flashing on your dashboard. Your oil pressure is low because your car has been leaking oil since you hit that unknown object on the highway. Much like an unknown object in the road that leads to a slow leak, a network vulnerability can lead to a devastating data leakage or breach.

Project Acacia is a research initiative led by the Reserve Bank of Australia (RBA) and the Digital Finance Cooperative Research Centre (DFCRC) that explores how digital forms of money—including central bank digital currencies (CBDCs), stablecoins, and deposit tokens—can support the development of wholesale tokenized asset markets in Australia. Project Acacia is being conducted in two phases.

Did developers steal the spotlight of agentic workflows with the wave of AI coding assistants sweeping the media, startups, and tech? What about DevOps workflows, container security, and operating system vulnerability scanning? One of the most time consuming tasks of application security engineers and those responsible for production artifacts is tracking Common Vulnerabilities and Exposures (CVEs) and in what way they impact a bundled application.

ISO/IEC 27001:2022 provides a framework for managing information security using an Information Security Management System (ISMS). The October 2025 deadline to upgrade from the previous ISO 27001:2013 standard is coming fast, and organizations yet to transition risk losing their certification. Maintaining ISO/IEC 27001 certification is especially relevant for regulated industries, SaaS providers with enterprise customers, and global organizations handling sensitive data.

In today’s rapidly evolving digital payment landscape, software security is no longer just a best practice—it’s a necessity. The PCI Software Security Framework (PCI SSF) sets the global benchmark for safeguarding payment applications and ensuring they are developed with security at the core. Whether you’re creating payment gateways, POS applications, or mobile payment apps, compliance with PCI SSF demonstrates that your software meets stringent security requirements.

ClickFix campaign exploits CAPTCHAs, attack activity spikes ahead of CVE disclosures, and Vietnamese-speaking threat group deploys PXA Stealer.

The Tanium Connector for Microsoft Intune enables organizations to unify, manage, and report on all their endpoints—including those across multiple Intune tenants—through a single platform, streamlining security and operations workflows.

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.

On August 12, 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralization of special elements used in an OS command within the phMonitor service (TCP/7900). Successful exploitation could allow a remote, unauthenticated threat actor to execute unauthorized code or commands via crafted CLI requests.