Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Every day, stolen credentials are bought, sold, and exploited on the dark web, fueling account takeovers, data breaches, and financial fraud. Organizations must act fast to stop these threats before they escalate. Yet, traditional security tools struggle to detect compromised credentials before it’s too late. According to Bitsight’s upcoming State of the Underground 2025 report, leaked credentials surged by 24% and logs listed on underground markets rose by 13.2% in 2024 alone.

Ransomware attacks often make headlines, but there’s a quieter and more insidious threat lurking online—cybercriminals bidding on access to your company’s most sensitive data. This isn’t just a theoretical risk; employee account credentials are actively sold for as little as $10, potentially allowing cybercriminals to compromise them.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Something you might need to be aware of…

Iframes are a common tool for embedding content on websites. But they can also bring risks if not handled right. In 2025, it is important to secure iframes. This helps protect your site and meet PCI DSS rules for iframes while avoiding security vulnerabilities. This guide will show you how to secure your iframe, make it compliant, and keep your web security for iframes strong. It includes a table of contents to help you navigate the steps. Let’s get started!

NIS 2 is a new EU directive that establishes a unified cybersecurity framework for specific organizations within Member States. Compared to the original NIS directive, the scope has been expanded, and compliance is mandatory for in-scope organizations. ‍ The broader scope means that while NIS 2 is EU-specific, some organizations outside the Union may also be subject to its requirements.

Read also: Denmark gives out first unconditional prison sentences for digital piracy, one of world’s largest CSAM platforms Kidflix dismantled, and more.

As of 2024, 75 active ransomware groups targeted healthcare industries, businesses, and individuals with the aim of threatening these individuals with data loss or leaks in return for large payouts to decrypt this data. Many security organizations and cybersecurity experts are fighting to prevent ransomware from becoming common. One question on the minds of many people related to this topic is: Does cloud backup protect against ransomware?

Gartner predicted that by early this year, over 60% of organizations would be using zero trust as their starting point for security. And no wonder. Cloud migration, hybrid work, and persistent threats have turned security into a minefield, exposing the cracks in old castle and moat, perimeter-based security architectures. Zero Trust aligns with how and where we work today, shifting the perimeter to individual users, devices, and applications—wherever they are.

In the past few years, the risk of cyberattacks has grown enormously. In fact, more than 800,000 people experience data security breaches every year, which is quite concerning. Looking at these numbers, the safekeeping of web applications has become vital. Now, one significant threat to any web application is server-side request forgery or SSRF. This cyberattack helps the hacker trick the server to reveal sensitive information or access internal systems.

According to the Open Web Application Security Project (OWASP), CSRF vulnerabilities are among the top 10 most critical web application security risks. This blog will explain everything about CSRF attacks and the prevention methods to help you secure your website. Let’s start by understanding what Cross-Site Request Forgery is.