10 Best practices for enterprise data loss prevention in 2025

Cybersecurity Insiders’ Insider Threat Report 2023 states that 74% of organizations are moderately or more vulnerable to insider threats, which demonstrates why organizations need resilient data loss prevention strategies. Your organization needs strong access controls and detailed monitoring systems to protect sensitive information effectively.

The Data Sovereignty Imperative: The Evolution of Data Protection

In my previous blog, I covered the essentials of data sovereignty as a data protection concern for security professionals across domains. Data protection and digital trust will be paramount in the future due to data sovereignty and regulatory compliance mandates. As the Internet of Things (IoT) expands exponentially, the resultant security and privacy risk nexus further requires a holistic approach to data protection centered on both personal and enterprise data protection strategies.

Who Must Comply with CCPA? California Compliance Guide

The California Consumer Privacy Act (CCPA) is the first comprehensive California data privacy law granting consumers control over how their personal information is collected, used, and shared. It was enacted in 2018 and took effect on January 1, 2020, signaling a national shift in privacy regulations. With increasing emphasis on transparency and accountability, businesses must now adhere to a new standard in consumer data protection in California.

CVE-2025-34028: PoC Released for Critical RCE Vulnerability in Commvault Command Center

On April 24, 2025, watchTowr published technical details and a proof-of-concept (PoC) exploit for a critical vulnerability in Commvault Command Center, CVE-2025-34028, which had been disclosed earlier in April. Commvault Command Center is a web-based interface used to manage data protection, backup, and recovery operations across enterprise environments.

Half of Organizations Lack Protection Against Email Spoofing

A new report from Valimail has found that 50% of organizations lack effective protection against email spoofing. Specifically, many organizations have lenient DMARC policies that don’t actually prevent spoofing. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that helps prevent attackers from spoofing organizations that have the protocol in place.

How Organizational Culture Shapes Cyber Defenses

Recently, I received an email at work from a company with whom I've had previous interactions. The email lacked context and contained an attachment, immediately raising suspicion. I reported it to our infosec team using the Phish Alert Button (PAB). A short while later, our team confirmed it was indeed a malicious email. Subsequently, the sender organization informed us that they had been compromised, and phishing emails had been distributed from their account.

Black Box Discovery and DAST: CyCognito's Integration with Wiz

Cloud-Native Application Protection Platforms (CNAPPs) combine tools that scan your code, check your open-source libraries, protect your cloud workloads, and monitor your cloud configurations. But CNAPPs aren’t a silver bullet. They lack external active testing and black-box cloud asset discovery, two capabilities whose absence can leave exploitable vulnerabilities undetected. CNAPPs depend on APIs and deployment hooks to see what’s running.

Redefining AppSec Testing with Intelligent Scan Recommendations and Asset Classification

As 9 out of 10 valuable web apps are missing testing, we’re launching new capabilities to help teams know what else, beyond core applications, is likely to require in-depth testing. The new features automatically classify discovered web assets based on attacker reconnaissance techniques and deliver recommendations on where to run DAST, bridging the gap between broad and deep testing across the entire attack surface.

What is the Difference Between Viruses, Worms, and Trojan Horses?

The number of systems infected with different types of malicious software has surged over the past few years. Among the various types, viruses, worms, and Trojan horses are some of the best known. These terms are often used interchangeably, but each has distinct characteristics and behaviors. In this blog, we explain the difference between viruses, Trojan horses, and worms to support effective cybersecurity measures. Let’s begin!