Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud computing and hybrid environments, and enterprise identity and access management (IAM) becomes extremely challenging.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Been a little awkward at the air ports over here in Europe recently. Looks like they have a lead though.

Picture this: Your payment network appears to be running smoothly, yet subtle inconsistencies in transaction data start to emerge. Authorizations are delayed or altered, and some backend calls never trigger. This isn’t just another case of stolen credentials or card fraud — it’s a devastating man-in-the-middle (MITM) attack that has been going on for months.

AI is now woven into everyday work. Customer teams rely on chat assistants, developers use copilots, and analysts ask models to sift through knowledge bases. The biggest shift in 2025 is not a single law or headline. It is the move from occasional audits to continuous, technical controls that run wherever data flows.

CVE-2025-20333 is a critical, actively exploited zero-day vulnerability impacting Cisco firewall devices, specifically those running unpatched versions of Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. It is one of two zero-days currently being weaponized by cyber threat actors, posing a significant and immediate threat to enterprise network perimeters. The vulnerability has a CVSS score of base 9.9. At this time, NVD has not released a formal entry for CVE-2025-20333.

Remember when ICS malware was “rare”? Last year we got two new families built for one thing: disruption. FrostyGoop and Fuxnet are not Mirai with a wrench taped on or your typical DDoS botnet. They were built to target and disable devices that use Meter-bus and Modbus protocols, inflicting maximum damage. If you still believe that “our PLCs aren’t on the Internet,” then this is your nudge to actually go and check.

With hybrid work, cloud applications, and distributed teams now the standard, organizations face a critical challenge: how to deliver secure, seamless access to both cloud-hosted and private applications without relying on outdated remote user VPNs or complex hardware.

AI is rewriting the startup playbook. Today’s founders must juggle faster tech cycles and rising investor expectations around AI with age-old challenges such as finding product-market fit. ‍ Founders need more than grit and luck—they need frameworks that make growth repeatable and resilient.

Today’s enterprises are facing relentless change. Digital transformation, cloud migration, hybrid work, and M&A are moving faster than most IT organizations can keep up with. While the business demands speed and agility, IT and security teams are often constrained by fragmented tools, legacy systems, and skill shortages. As a result, CxOs are caught between two priorities: enabling innovation and ensuring a secure enterprise.