Introducing GitGuardian's Generic Secrets Enricher

GitGuardian is proud to introduce our new Machine Learning-powered Generic Secret Enricher, helping all customers quickly understand the origin and type of discovered generic secrets. The 2025 GitGuardian State of Secret Sprawl report shows that 58% of all detected secrets fall into the generic category.

How to Secure and Make Your Iframe Compliant in 2025

Iframes are a common tool for embedding content on websites. But they can also bring risks if not handled right. In 2025, it is important to secure iframes. This helps protect your site and meet PCI DSS rules for iframes while avoiding security vulnerabilities. This guide will show you how to secure your iframe, make it compliant, and keep your web security for iframes strong. It includes a table of contents to help you navigate the steps. Let’s get started!

Who needs to comply with NIS 2? Scope, requirements, and penalties explained

NIS 2 is a new EU directive that establishes a unified cybersecurity framework for specific organizations within Member States. Compared to the original NIS directive, the scope has been expanded, and compliance is mandatory for in-scope organizations. The broader scope means that while NIS 2 is EU-specific, some organizations outside the Union may also be subject to its requirements.

Does Cloud Backup Protect Against Ransomware?

As of 2024, 75 active ransomware groups targeted healthcare industries, businesses, and individuals with the aim of threatening these individuals with data loss or leaks in return for large payouts to decrypt this data. Many security organizations and cybersecurity experts are fighting to prevent ransomware from becoming common. One question on the minds of many people related to this topic is: Does cloud backup protect against ransomware?

Why SASE Makes Zero Trust Work

Gartner predicted that by early this year, over 60% of organizations would be using zero trust as their starting point for security. And no wonder. Cloud migration, hybrid work, and persistent threats have turned security into a minefield, exposing the cracks in old castle-and-moat, perimeter-based security architectures. Zero Trust aligns with how and where we work today, shifting the perimeter to individual users, devices, and applications—wherever they are.

What is Server Side Request Forgery (SSRF)? Types, Impact, Mitigation, Prevention

In the past few years, the risk of cyberattacks has grown enormously. In fact, more than 800,000 people experience data security breaches every year, which is quite concerning. Looking at these numbers, the safekeeping of web applications has become vital. Now, one significant threat to any web application is server-side request forgery, or SSRF. This cyberattack lets the attacker trick the server into revealing sensitive information or accessing internal systems.

What is Cross Site Request Forgery (CSRF)? Example, Mitigation and Prevention

According to the Open Web Application Security Project (OWASP), CSRF vulnerabilities are among the top 10 most critical web application security risks. This blog will explain everything about CSRF attacks and the prevention methods to help you secure your website. Let’s start by understanding what Cross-Site Request Forgery is.

An Update on QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share

Authors: Or Yair, Security Research Team Lead

Last August, I shared a blog on my most recent research project with Shmuel Cohen called QuickShell: Sharing Is Caring about an RCE Attack Chain on Quick Share, which we initially presented at DEF CON 32 (2024). In it, we explained how we discovered 10 unique vulnerabilities in Google’s Quick Share data transfer utility, some of which we were able to assemble into an innovative remote code execution (RCE) attack chain against the Windows version.