July 21, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper: Playlist of Kroll's Weekly Cyber Threat Intelligence Briefings: Cyber Threat Intelligence Briefings.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Proactive vs. Reactive Asset Risk Mitigation: How Deception Helps
In today’s digital landscape, where cyber threats grow more sophisticated and frequent, organizations must prioritize robust strategies to protect their critical assets—data, systems, and networks. Asset risk mitigation is a cornerstone of cybersecurity, involving the identification, assessment, and management of risks to these valuable resources. Two primary approaches dominate this field: proactive and reactive risk mitigation.
Secure Your Data: Get Executives On Board for Better Security #cybersecurity
Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.
Most AI Fails Because of This #AIstrategy #Shorts
AI isn't analytics. It's automation. Anirban Nandi explains why starting with business value is the key to scaling AI.
No Tell Motel: Trustwave Exposes the Secrets of Dark Web Travel Agencies
Dark web travel agencies have emerged as one of the more sophisticated and lucrative operations within the underground economy. As mentioned in the Wall Street Journal's coverage of Trustwave’s research, these shadowy enterprises offer dramatically discounted flights, luxury hotel stays, rental vehicles, and entire vacation packages, all facilitated through stolen credit card information, compromised loyalty program accounts, and forged identification documents.
Travelling Through the Dark Web: Answering 6 Questions About Dark Web "Travel Agencies"
It’s a well-known fact that threat actors use stolen personal data for many purposes ranging from launching phishing attacks, gaining access to an employer, or very commonly using credit card information to make purchases. What has also become somewhat common in the last eight or so years is using stolen information to support grander illegal enterprises like supplying air and hotel travel at heavily reduced prices via dark web travel agencies.
The New Mindset: Platforms Over Products
Traditional cybersecurity tools can’t keep up with today’s threats. In this keynote address, Keeper CEO and Co-Founder Darren Guccione explores why layered products fail – and how a unified platform built on zero trust, least privilege and AI-powered automation redefines modern defense. Understand how seamless access control, real-time threat response and machine-level protection come together to secure every user, device and session.
The Future of Defence Report: IT Security Leadership in an Era of Unprecedented Cyber Threats
Based on insights from Keeper Security's Future of Defence Report, this talk reveals what over 1,000 IT professionals are seeing in today’s evolving cyber threat landscape. From AI-powered attacks and cloud jacking to memory-based exploits, modern threats are outpacing traditional defenses. Learn why conventional layered security is no longer enough, and how organizations must adopt a privileged access approach with strong authentication, authorization and encryption across every user and device.
New in Vanta | July 2025
This past month, the Vanta team launched new features to help you:
How to implement CPS 234: A 7-step compliance guide
In 2024, Vanta’s State of Trust Report found that cybersecurity threats were the number one concern for Australian organisations. To mitigate such threats, the Australian Prudential Regulatory Authority (APRA) developed CPS 234—a robust security framework that all APRA-regulated entities must implement. CPS 234 addresses virtually all aspects of an entity’s security infrastructure, so implementation can be challenging without guidance.