Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Modern conflict is no longer dominated solely by tanks, ships, and fighter jets. The nature of warfare itself has transformed dramatically. Today, battles are increasingly fought—and won—in cyberspace. Historically, military leaders intimately understood their hardware; pilots knew their planes, naval commanders knew their ships, and tank commanders knew their armoured vehicles.

AT&T, one of the largest telecommunications providers in the United States and the fourth-largest telecommunications company in the world by revenue, experienced a significant data leak, which became public in June 2025.

AI coding assistants like GitHub Copilot and Google Gemini Code Assist are changing how developers work — accelerating delivery, removing repetition, and giving teams back time to build. But speed isn’t free. Studies show that around 27% of AI-generated code contains vulnerabilities, not because the tools are broken, but because they generate code faster than most teams can review it. The result? A growing wave of insecure code is making it into production.

The EU AI Act is the most comprehensive law in the world to regulate artificial intelligence. This law doesn’t just apply to organizations inside the European Union, it also affects anyone doing business with the EU or offering AI-powered services in that market. If you use AI tools like ChatGPT, Copilot, Jasper, or Bard for automation, reporting, or client communication, yes, then definitely this applies to you.

PCI 6.4.3 and 11.6.1 are critical requirements for protecting payment pages from JavaScript-based attacks in e-commerce. JavaScript powers modern e-commerce but also exposes sites to digital skimming attacks. Common threats include supply chain compromises, Magecart injections, and CDN breaches. To combat this, PCI DSS 4.0 mandates script management and tamper detection. Protecting your payment pages with real-time monitoring tools and client-side security is essential for compliance and customer trust.

When we think about software security risks, we often focus on immediate threats—new vulnerabilities discovered in the latest release or zero-day exploits making headlines. But beneath the surface lies a more insidious problem, especially in the public sector: security debt. This hidden risk accumulates quietly, but its impact can be severe, eroding the integrity, resilience, and trustworthiness of government software systems.

Daniel Pouzzner from wolfSSL has challenged us to find 3 more vulnerabilities in the wolfSSL library, after we found the first one in October 2024. We weren't quite able to find three, but here are the additional two that we found: Both vulnerabilities were fixed in wolfSSL version 5.8.0, released on 24 April 2025. The fuzz tests that found these vulnerabilities were generated by our AI Test Agent.

With the introduction of WormGPT in 2023, threat actors have been using uncensored large language models (LLMs) for malicious activities. Following the shutdown of WormGPT in the same year, numerous alternatives have emerged—including BlackHatGPT, FraudGPT, and GhostGPT, among others—primarily accessible through Telegram channels.

Today is a big day for the Crash. We are announcing the next step in our collective journey – Securonix has acquired ThreatQuotient. This is an exciting and rare opportunity to combine Securonix’s best-in-class security analytics and detection with ThreatQ’s best-in-class threat intelligence platform. As we all know, the security operations world is changing at a dramatic pace.

If you have ever built a LEGO set, then you have a general idea of how telemetry works. Telemetry starts with individual data points, just like your LEGO build starts with a box of bricks. In complex IT environments, your security telemetry is spread across different technologies and monitoring tools, just like in a large build your LEGO bricks come separated into smaller, individually numbered bags. In both cases, the individual bricks or data points aren’t special.