Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

With hybrid work, cloud applications, and distributed teams now the standard, organizations face a critical challenge: how to deliver secure, seamless access to both cloud-hosted and private applications without relying on outdated remote user VPNs or complex hardware.

Remember when ICS malware was “rare”? Last year we got two new families built for one thing: disruption. FrostyGoop and Fuxnet are not Mirai with a wrench taped on or your typical DDoS botnet. They were built to target and disable devices that use Meter-bus and Modbus protocols, inflicting maximum damage. If you still believe that “our PLCs aren’t on the Internet,” then this is your nudge to actually go and check.

CVE-2025-20333 is a critical, actively exploited zero-day vulnerability impacting Cisco firewall devices, specifically those running unpatched versions of Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. It is one of two zero-days currently being weaponized by cyber threat actors, posing a significant and immediate threat to enterprise network perimeters. The vulnerability has a CVSS score of base 9.9. At this time, NVD has not released a formal entry for CVE-2025-20333.

AI is now woven into everyday work. Customer teams rely on chat assistants, developers use copilots, and analysts ask models to sift through knowledge bases. The biggest shift in 2025 is not a single law or headline. It is the move from occasional audits to continuous, technical controls that run wherever data flows.

Picture this: Your payment network appears to be running smoothly, yet subtle inconsistencies in transaction data start to emerge. Authorizations are delayed or altered, and some backend calls never trigger. This isn’t just another case of stolen credentials or card fraud — it’s a devastating man-in-the-middle (MITM) attack that has been going on for months.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Been a little awkward at the air ports over here in Europe recently. Looks like they have a lead though.

Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud computing and hybrid environments, and enterprise identity and access management (IAM) becomes extremely challenging.

The application security landscape is undergoing a fundamental transformation. While organizations race to deliver software faster than ever, traditional security approaches create bottlenecks that compromise both speed and protection. This isn’t a problem you can solve by throwing more disparate tools at the challenge. It requires a holistic, strategic shift to AI-powered application security.

Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.

Rate this post Last Updated on September 25, 2025 by Narendra Sahoo The world of payment security never stands still, and neither does PCI DSS. PCI DSS 4.0.1 Compliance is now the latest update that is the new talk of the town. Don’t worry it’s not that massive and heavy on changes but it is here to make a remarkable difference in transparency and finance.