Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Wallarm’s latest Q3 2025 API ThreatStats report reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from REST to AI-powered APIs. Here’s what stood out this quarter, and what security leaders should do about it.

The Common Vulnerability Scoring System (CVSS) has been the industry’s go-to framework for assessing vulnerability severity for nearly two decades. It provides a standardized way to measure and communicate the technical impact of a vulnerability. As threat landscapes evolve and organizations mature in their vulnerability management practices, questions about its relevance and limitations persist. That even led to our co-founder, Scott Kuffer, writing a defense of the algorithm earlier this year.

The promise of large language models is simple: turn messy text and data into instant answers, drafts, and decisions. The catch is simple: those models are hungry, and the most valuable data you own is also the most sensitive. If that escapes, you have legal, brand, and trust problems. This is where the story shifts. How LLM Privacy Tech Is Transforming AI is about making real deployments possible.

Have you ever wished for a tool that could guide you, even on the foggiest days? That was my father’s compass. He carried it not because it told him where he was, but because it reminded him where true north was. I spent twelve years in the U.S. Navy as a cybersecurity practitioner, and that same compass has stayed with me. And in the world of SIEM and threat detection, the Gartner Critical Capabilities for Security Information and Event Management (SIEM) report feels like that compass.

The EU Artificial Intelligence Act (AI Act) introduces the world’s first comprehensive regulatory framework for artificial intelligence. It defines clear rules for how AI systems are built, deployed, and monitored, focusing on risk management, data governance, transparency, and accountability. Any organization offering AI-powered products or services to EU users (or processing EU data) must comply.

Kubernetes adoption is growing, and managing secure and efficient network communication is becoming increasingly complex. With this growth, organizations need to enforce network policies with greater precision and care. However, implementing these policies without disrupting operations can be challenging. That’s where Calico Whisker comes in. It helps teams implement network policies that follow the principle of least privilege, ensuring workloads communicate only as intended.

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community)

Formjacking involves malicious code injected into payment forms that captures credit card data during transactions. The form functions normally, the payment completes, and nothing unusual appears in server logs. This happens in the browser, outside the reach of traditional server-side security controls. PCI DSS 4.0 requirements 6.4.3 and 11.6.1 extend compliance to the client side to address this.

Security teams don’t struggle to find exposures – they struggle to fix them. The new Seemplicity AI Agents change that. Integrated into the Exposure Action Platform, they combine intelligence and automation to help teams move faster, stay aligned, and reduce risk. From clear findings and ownership mapping to guided fixes and executive insights, Seemplicity’s AI Agents make exposure management truly action-driven.

To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA). For our complete coverage, please see: Cybersecurity Awareness Month 2025: The Value of MSSPs and Cybersecurity Awareness Month 2025: 4 Steps to Build a Cyber Strong America.