Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Website data leaks don’t require hackers. They happen when legitimate scripts, analytics pixels, and chat widgets transmit sensitive data to third parties through routine operations. Traditional security tools miss these leaks because they monitor server-side traffic while the exposure occurs in customer browsers. This visibility gap is why organizations use client-side monitoring platforms to detect browser-level data flows that security tools can’t see.

On November 6, 2025, The HIPAA Journal reported that Pomona Valley Hospital Medical Center (PVHMC) agreed to pay $600,000 to settle a class action lawsuit over its use of Meta Pixel and similar website-tracking technologies. The case, Warren v. Pomona Valley Hospital Medical Center, centered on how these tools may have unintentionally transmitted user identifiers and patient information to third parties such as Meta (Facebook).

The cybercrime underground continues to evolve into a mature, service-based economy that mirrors legitimate technology markets. Threat actors are increasingly adopting professionalized business models, offering malware, access, and data-theft capabilities “as a service” to a broad audience of buyers. During the first half of 2025, Bitsight observed sustained growth in Malware-as-a-Service (MaaS) and Remote Access Trojan (RAT) activity across dark web forums and marketplaces.

Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the campaign and highlight the new tools employed by the threat group.

We’re excited to announce the launch of our MCP server for Apono administrators — giving security and DevOps teams the ability to surface complex access data instantly, without the endless API queries, spreadsheets, or manual digging that slows everyone down. Admins are the guardians of access. But when they need answers like “Which users are included in this access flow?” or “Who has access to production?”, getting that data today can take hours.

As PCI DSS 4.0 moves closer to full enforcement in 2025, many businesses are still trying to separate what truly matters from the noise. The new version introduces a stronger security mindset, more flexible implementation options and a greater emphasis on continuous monitoring. For many organizations, the challenge is not understanding the requirements but knowing where to begin.

As the rate of ransomware attacks keeps growing, the demand for cyber insurance is also greater. The State of Ransomware 2025 report by Sophos outlines that nearly 50% of companies in the report paid ransom. This underscores the need for stronger security measures — not only for data protection but also for cyber insurance eligibility.

Today, Trust Exchange stands tall as a platform used by thousands of customers to communicate their security posture. Now we are introducing the new Trust Exchange Paid tier. This tier is designed to help you eliminate bottlenecks, accelerate deal cycles, and maintain top-tier security communication. For high-growth organizations, scaling communication means that security requests escalate rapidly. With UpGuard’s mission to drive proactive cybersecurity protocols, this is our next step.

Using the right tool for the job is always better. Anyone who does DIY projects around the home knows how using the right tool can dramatically make the job you are doing far easier. Use the wrong tool, and that task suddenly becomes a burdensome nightmare. And after over 38 years in cybersecurity, I know that applies to cyber defense strategies, but I add one more axiom: Use the dumber, faster thing first for best results. Dumber things are usually faster at blocking a large number of things.

Since OWASP unveiled its 2025 Top 10, one of the most-discussed items has been A03: Software Supply Chain Failures. For many in AppSec, this came as no surprise; enterprise software’s reliance on open source has become one of its greatest strengths and arguably its biggest liability.