Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Staying on top of corporate security trends may seem like a hassle, but it actually has great benefits for your organization. Understanding security trends helps businesses benchmark their performance—including within their specific industry—and strengthen their security posture to align with the best performers.

Managing the vendor remediation process is no small feat. While on the surface, it might seem like the bulk of the heavy lifting is done once you complete your initial assessment, you (and every other security team on the planet) know this couldn’t be further from the truth. After all, if your team doesn’t constantly track remediation efforts and validate corrective actions, how else are you supposed to ensure vendors effectively mitigate the risks you identified?

New StilachiRAT malware enables crypto theft and reconnaissance, AMOS and Lumma stealers spread via Reddit posts, and 41% of user logins used compromised passwords.

For founders of early-stage startups in Australia and New Zealand, growth is the ultimate goal. You’re focused on building an exceptional product, winning customers, and scaling fast. But one thing that should also be on your radar is security compliance. ‍ The reality is, compliance isn’t just about meeting legal requirements or ticking a box when an enterprise customer asks for certifications. It’s a strategic advantage.

Security teams today face increasing pressure to quantify the effectiveness of their application security programs. Whether it’s justifying security investments to leadership or demonstrating compliance with regulations like PCI DSS, HIPAA, and GDPR, teams struggle to showcase the real impact of their security efforts. Without clear, actionable data, proving that an AppSec program is actively reducing risk becomes a challenge. That changes today.

In February of 2025, North Korean state-backed cybercriminals stole over $1.9 billion from a popular crypto exchange. That's a mind-boggling amount of money, let alone from a breach. But here's the craziest part; it was excruciatingly simple. In short, it went down like this: an engineer was phished, attackers located static API keys — and just like that, attackers had direct access to critical cloud resources. Static credentials strike again.

Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes introduces risks that, without proper API security, can compromise sensitive data and decision-making.

‍Modern organizations have to navigate a complex web of risks, some of which are easily controllable and others that pose a significant challenge to stability, reputation, and growth.

Cybersecurity regulations are constantly evolving to keep pace with emerging cybersecurity risks, and the Directive on Security of Network and Information Systems (NIS) is no exception. The introduction of NIS2 in December 2022 reshaped the compliance landscape across the EU, and organizations that don’t meet its requirements risk facing far more than just regulatory fines. The true cost of NIS2 non-compliance can be devastating, affecting not only finances but also business continuity and trust.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of late March 2025, Cyjax has identified DLSs for 21 new groups this year, as noted in recent blogs on Morpheus, GD LockerSec, Babuk2, Linkc, Anubis, and Arkana. The latest DLS Cyjax has identified is named Frag, which constitutes one of 14 new DLSs identified in March 2025 alone.