Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ISO 27001:2022 Requirements Explained for 2025

ISO/IEC 27001:2022 provides a framework for managing information security using an Information Security Management System (ISMS). The October 2025 deadline to upgrade from the previous ISO 27001:2013 standard is coming fast, and organizations yet to transition risk losing their certification. Maintaining ISO/IEC 27001 certification is especially relevant for regulated industries, SaaS providers with enterprise customers, and global organizations handling sensitive data.

PCI SSF Compliance Explained: Infographic for Payment Software Vendors

In today’s rapidly evolving digital payment landscape, software security is no longer just a best practice—it’s a necessity. The PCI Software Security Framework (PCI SSF) sets the global benchmark for safeguarding payment applications and ensuring they are developed with security at the core. Whether you’re creating payment gateways, POS applications, or mobile payment apps, compliance with PCI SSF demonstrates that your software meets stringent security requirements.

From Fragmented to Unified: Driving Autonomous Endpoint Management Across Mobile and Computing Devices with the Tanium Connector for Microsoft Intune

The Tanium Connector for Microsoft Intune enables organizations to unify, manage, and report on all their endpoints—including those across multiple Intune tenants—through a single platform, streamlining security and operations workflows.

Using Mean Time to Resolve (MTTR) Effectively Across Static and SCA Findings

Customers that have embraced DevOps often ask me for the best metrics to measure their program. I always advocate focusing on policy compliance as the number one metric for understanding your risk, as this provides a succinct measurement of the security of your applications. However, if you are looking to measure and motivate development teams, policy compliance doesn’t give you the granularity to introduce gamification or incentives.

CVE-2025-25256: PoC Available for FortiSIEM Remote Unauthenticated Command Injection Vulnerability

On August 12, 2025, Fortinet released fixes for a critical-severity vulnerability in FortiSIEM, tracked as CVE-2025-25256. The flaw arises from improper neutralization of special elements used in an OS command within the phMonitor service (TCP/7900). Successful exploitation could allow a remote, unauthenticated threat actor to execute unauthorized code or commands via crafted CLI requests.

When Hackers Call: Social Engineering, Abusing Brave Support, and EncryptHub's Expanding Arsenal

Trustwave SpiderLabs researchers have recently identified an EncryptHub campaign that combines social engineering with abuse of the Brave Support platform to deliver malicious payloads via the CVE-2025-26633 vulnerability. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

Enterprise-Grade Automation, Communication, and Risk: Nucleus Q2 Updates

This release raises the bar for enterprise-grade vulnerability and exposure management. We’re delivering on the promise of smarter, faster risk reduction powered by automation, enriched data, and operational depth. From fix-level SLA tracking to scalable API workflows and stakeholder-ready reporting, every enhancement is designed to help teams do more with less, and prove it. Here’s a breakdown of some of the major product updates from Q2 2025.

Automate Repetitive Work With No-Code AI Agent Builder

Egnyte AI agents are smart, task-specific AI assistants built to automate repetitive, time-consuming work, so that your team can stay focused on high-impact and strategic tasks. From reviewing documents to researching topics or translating content, these agents act like always-on digital coworkers who execute task-specific instructions while securely leveraging information contained in your private documents and on the web.

How Effective Is 'Shift-Left Security' for Protecting APIs?

Your API rollout is on track. Code’s tested, endpoints documented. John from security asks for the third revision of your vulnerability assessment, and your release date slips another two weeks. Sound familiar? You are not alone. According to a recent report by Salt Security, 99% of companies reported at least one API security incident in 2024-25. And here’s the kicker: 95% of API attacks come from authenticated sessions, proving that tokens alone don’t cut it anymore.