Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2024, Vanta’s State of Trust Report found that cybersecurity threats were the number one concern for Australian organisations. To mitigate such threats, the Australian Prudential Regulatory Authority (APRA) developed CPS 234—a robust security framework that all APRA-regulated entities must implement. ‍ CPS 234 addresses virtually all aspects of an entity’s security infrastructure, so implementation can be challenging without guidance.

PCI DSS 4.0 introduces explicit controls for managing client-side scripts on payment pages — a common target for digital skimming, Magecart, and formjacking attacks.

CrowdStrike is proud to be named a Strong Performer in The Forrester Wave: Unified Vulnerability Management Solutions, Q3 2025. We believe this recognition underscores the strength of CrowdStrike’s vision, the pace of our innovation, and the rapid adoption of CrowdStrike Falcon Exposure Management by customers transforming their vulnerability management, just 24 months after its launch.

Beginning on July 18, 2025, at approximately 0700 UTC, CrowdStrike Falcon Complete Next-Gen MDR and CrowdStrike Falcon Adversary OverWatch identified a wave of Microsoft SharePoint exploitation attempts by an unknown adversary. Two distinct zero-day vulnerabilities were made publicly available: a critical remote code execution vulnerability (CVE-2025-53770) and a server spoofing vulnerability (CVE-2025-53771).

Visibility without control is only half the battle. To truly stay ahead of attackers, security teams need precise access, trusted data, and efficient workflows they can rely on. That’s why we’re continuing to enhance the CyCognito platform with features that improve transparency, streamline operations, and put more power in your hands.

CYJAX, a leading provider of real-time cyber threat intelligence, today announced the launch of its next-generation Payment Fraud Intelligence platform, a proactive solution designed to help financial institutions detect, mitigate, and prevent payment fraud before it occurs. In today’s fast-paced threat landscape, fraud teams are expected to detect, act, and refund: fast.

Code reuse has become a foundational practice in modern software development. Some estimates suggest that over 80% of developers today re-use existing code, rather than writing code from scratch, when building software applications. This trend is largely due to the open-source movement, as one might call it. There exists a massive, ever-growing public repository of open-source libraries, frameworks, and components.

Autonomous agents are changing the way we think about security. Not in the distant future, right now. These systems (intelligent, self-directed, and capable of making decisions) are starting to play an active role in the SOC. They’re not only collecting data; they’re analyzing it, correlating alerts, prioritizing risks, and even initiating response actions. This is Agentic AI, and it makes people nervous. In security, autonomy often gets mistaken for loss of control.

In many sports, but especially soccer, a team has a set of offensive players and defensive players. The offensive players look for ways to compromise the opposing team’s defenses, seeking to get the ball in the goal. Meanwhile, the defenders work hard to push back against the opponent’s offensive line to clear the ball from the goal line. On a security team, your defenders are the blue team.

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.