Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Internet is in the midst of one of the most complex transitions in its history: the migration to post-quantum (PQ) cryptography. Making a system safe against quantum attackers isn't just a matter of replacing elliptic curves and RSA with PQ alternatives, such as ML-KEM and ML-DSA. These algorithms have higher costs than their classical counterparts, making them unsuitable as drop-in replacements in many situations.

In the ever-escalating battle against cyber threats, security teams are often caught in a deluge of alerts, struggling to distinguish real threats from the noise. The sheer volume of threat data can be overwhelming, leading to alert fatigue and, worse, missed detections. But what if you could really cut through the clutter and focus on what truly matters?

In today's rapidly evolving cybersecurity landscape, organizations face unprecedented challenges. Cyber threats are not only increasing in volume but are also becoming more sophisticated and evasive, using AI themselves to enhance their attacks. The attack surface has expanded dramatically, while Security Operations Centers (SOCs) are often left with fewer resources to combat these growing threats.

When people talk about securing software, they typically refer to two distinct aspects. The code itself, or the servers it runs on. That makes sense. Those are the most visible parts. But what actually holds everything together isn’t either of those. It’s the pipeline in between the system that moves code from an idea in a developer’s head to something running in production. CI/CD pipeline can be easy to overlook because it often feels invisible.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! We all love a good site scan right?

To close out Trustwave’s, A LevelBlue Company, Cybersecurity Awareness Month 2025 coverage, we will take a look at securing critical infrastructure, one of the focus areas for the Cybersecurity and Infrastructure Security Agency (CISA). For our complete coverage, please see: Cybersecurity Awareness Month 2025: The Value of MSSPs and Cybersecurity Awareness Month 2025: 4 Steps to Build a Cyber Strong America.

Security teams don’t struggle to find exposures – they struggle to fix them. The new Seemplicity AI Agents change that. Integrated into the Exposure Action Platform, they combine intelligence and automation to help teams move faster, stay aligned, and reduce risk. From clear findings and ownership mapping to guided fixes and executive insights, Seemplicity’s AI Agents make exposure management truly action-driven.

Formjacking involves malicious code injected into payment forms that captures credit card data during transactions. The form functions normally, the payment completes, and nothing unusual appears in server logs. This happens in the browser, outside the reach of traditional server-side security controls. PCI DSS 4.0 requirements 6.4.3 and 11.6.1 extend compliance to the client side to address this.

Threat Actor Name: UNC6384 Targeted Industries: Government, Diplomatic Services Geographic Focus: Hungary, Belgium, Serbia, Italy, Netherlands (broader European diplomatic community)

Kubernetes adoption is growing, and managing secure and efficient network communication is becoming increasingly complex. With this growth, organizations need to enforce network policies with greater precision and care. However, implementing these policies without disrupting operations can be challenging. That’s where Calico Whisker comes in. It helps teams implement network policies that follow the principle of least privilege, ensuring workloads communicate only as intended.