Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On October 15, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive ED 26-01, ordering federal agencies to mitigate a significant security breach involving F5 BIG-IP products. F5 disclosed that nation-state threat actors maintained long-term unauthorized access to internal systems, exfiltrating: This breach represents a major risk to organizations running F5 devices, especially those with exposed management interfaces or unpatched systems.

Most modern sites run significant third-party code in the user’s browser. The Web Almanac 2022 reports that the top 1,000 sites load an average of 43 third-party domains on mobile and 53 on desktop, expanding the surface for JavaScript injection attacks and supply-chain tampering. In parallel, real e-commerce compromises continue to surface. Sansec has identified more than 70,000 websites that suffered Magecart e-skimming over time.

For years, Governance, Risk, and Compliance (GRC) has been viewed as a necessary expense, an insurance policy for when things go wrong. But a new generation of CISOs is proving that when managed strategically, GRC can do far more than protect. It can unlock growth, accelerate deals, and strengthen customer trust.

A big thank you once again for all your support over the years as we celebrate the release of ionCube Encoder 15. Your trust in our product means so much to us, and as such, we’ve continued to work hard to improve it each year. With such a complex security tool, it can be challenging to keep up with the rapid pace of change in PHP, but here we are with a new release which comes with full support for PHP 8.4 syntax encoding Here’s a quick look at everything this version has to offer…

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A large incoming attack…

AI was supposed to make our lives easier. Vendors promised it would cut through complexity, detect threats faster, and lighten the load on already overworked security teams. But if you’ve been paying attention, you know the truth: AI has given us more noise than ever. Corey Brunkow from Horizon3.ai joined Nucleus co-founder and CPO, Scott Kuffer, to unpack this problem during a recent webinar. AI helps attackers move faster, but on the defensive side, it’s created a flood of data.

It’s one thing to excel. It’s another to consistently redefine the path forward. We’re proud to announce that CyberArk has been named a Leader in the 2025 Gartner Magic Quadrant for Privileged Access Management (PAM) for the seventh consecutive time. In the latest report, CyberArk is positioned furthest for Completeness of Vision—a placement that, in our view, further reinforces our position as a forward-thinking vendor shaping the future of privilege.

I have been writing about the need to better train our programmers in secure coding practices for decades, most recently here and here. At least a third of data compromises involved exploited software and firmware vulnerabilities and we are on our way to having over 47,000 separate, publicly known vulnerabilities this year. There are at least 130 new vulnerabilities learned and publicly reported every day, day after day. That is a lot of exploitation. That is a lot of patching.

Google’s Mandiant has published guidance on defending against an ongoing wave of social engineering attacks targeting organizations’ Salesforce instances. The organized criminal gang tracked by Google as “UNC6040” has been using voice phishing attacks to trick employees into granting access.

The financial services industry operates in one of the most heavily regulated environments in the business world. With sensitive client data flowing through every transaction and communication, financial institutions face an increasingly complex web of compliance requirements that can make or break their operations. Traditional approaches to data governance simply aren't cutting it anymore. The Perfect Storm of Regulatory Challenges.