Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Dark web travel agencies have emerged as one of the more sophisticated and lucrative operations within the underground economy. As mentioned in the Wall Street Journal's coverage of Trustwave’s research, these shadowy enterprises offer dramatically discounted flights, luxury hotel stays, rental vehicles, and entire vacation packages, all facilitated through stolen credit card information, compromised loyalty program accounts, and forged identification documents.

It’s a well-known fact that threat actors use stolen personal data for many purposes ranging from launching phishing attacks, gaining access to an employer, or very commonly using credit card information to make purchases. What has also become somewhat common in the last eight or so years is using stolen information to support grander illegal enterprises like supplying air and hotel travel at heavily reduced prices via dark web travel agencies.

This past month, the Vanta team launched new features to help you: ‍

In 2024, Vanta’s State of Trust Report found that cybersecurity threats were the number one concern for Australian organisations. To mitigate such threats, the Australian Prudential Regulatory Authority (APRA) developed CPS 234—a robust security framework that all APRA-regulated entities must implement. ‍ CPS 234 addresses virtually all aspects of an entity’s security infrastructure, so implementation can be challenging without guidance.

PCI DSS 4.0 introduces explicit controls for managing client-side scripts on payment pages — a common target for digital skimming, Magecart, and formjacking attacks.

CrowdStrike is proud to be named a Strong Performer in The Forrester Wave: Unified Vulnerability Management Solutions, Q3 2025. We believe this recognition underscores the strength of CrowdStrike’s vision, the pace of our innovation, and the rapid adoption of CrowdStrike Falcon Exposure Management by customers transforming their vulnerability management, just 24 months after its launch.

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

CYJAX, a leading provider of real-time cyber threat intelligence, today announced the launch of its next-generation Payment Fraud Intelligence platform, a proactive solution designed to help financial institutions detect, mitigate, and prevent payment fraud before it occurs. In today’s fast-paced threat landscape, fraud teams are expected to detect, act, and refund: fast.

Code reuse has become a foundational practice in modern software development. Some estimates suggest that over 80% of developers today re-use existing code, rather than writing code from scratch, when building software applications. This trend is largely due to the open-source movement, as one might call it. There exists a massive, ever-growing public repository of open-source libraries, frameworks, and components.