CoffeeLoader Malware: The Advanced Threat Evading Detection

The virtual world is ever-changing, as are the cybercriminals who continue to evolve in order to circumvent even the strongest security systems. The newest threat to hit the headlines is CoffeeLoader—a second-stage payload dropper designed to bypass endpoint security tools, digital forensic tools, and EDR (Endpoint Detection and Response) tools.

Umbraco Pentesting: How to Secure Your CMS Against Threats?

If you ask a security team whether they run pentests on their web applications or APIs, the answer is always a strong “Yes”. But if you ask whether they have pentested their Umbraco setup, you will get a more hesitant “I thought Umbraco is secure by default”. Umbraco is a powerful CMS, but assuming it is secure by default is a mistake.

New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile

Starting February 2025, Netskope Threat Labs has tracked and reported on multiple phishing and malware campaigns targeting victims searching for PDF documents on search engines. Once they open the PDFs, the attackers employ various techniques to direct these victims to malicious websites or trick them into downloading malware.

Inside Anubis Ransomware: Tactics, Impact & Protection

Recently, a new ransomware group, Anubis, has emerged, making its presence known on Twitter. The Foresiet Threat Intel team monitored their activity and observed a new ransomware operation being advertised on their account. The group updated their profile picture and began posting about their latest breaches. Through analysis of their communication patterns and language, Foresiet has determined that the operators behind Anubis likely belong to a Russian-speaking threat group.

Exploring GxP Compliance with SCITT & DataTrails

GxP compliance supports the medical and pharmaceutical industries. “Good” x “Practices” covers several scenarios, where x represents manufacturing, distribution, laboratory, clinical, or document scenarios. There’s also cGxP, where c represents “current”, which is about as good as saying “new”. How long is “new”, and when does “new” become “legacy”?

PCI Compliance Test: Ensure Your Business Meets PCI DSS Requirements

Every business that processes credit card transactions knows that security is important. But when asked whether they actively test their systems for PCI DSS compliance, many assume their payment processor has it covered. This assumption could later turn out to be costly. PCI DSS compliance doesn’t mean outsourcing your payment processing to a secure provider; it means actually protecting every endpoint where cardholder data is stored and processed.

Salesforce Penetration Testing Guide: Steps, Tools & Best Practices

Ask any CTO if they pentest their web apps, APIs, or cloud infrastructure; the answer is almost always yes. But ask if they’ve ever pentested their Salesforce environment, and you’ll likely get a silent or hesitant “Doesn’t Salesforce security cover that?” Here’s the problem: Salesforce is not just a CRM. It’s an application stack, a data warehouse, and a workflow engine—all deeply integrated with your business operations.

Oracle Cloud Breach: OAM Exploit & T3 Protocol Clarified

Over the past few days, we have been in direct contact with a hacker who goes by the alias Rose87168. He claims to have breached Oracle Cloud systems, specifically targeting Oracle WebLogic and Oracle Access Manager (OAM). The hacker has provided us with multiple files and data samples, including a tree file and a 10,000-line dataset, which allegedly contain sensitive configuration files, user authentication data, and directory structures from Oracle's infrastructure.

What Are The Top 5 API Security Challenges?

The biggest risk to API security isn’t attackers—it’s how companies misunderstand APIs. They see them as engineering tools rather than business-critical contracts that connect systems, partners, and customers. Data leaks, fraud, and service disruptions aren’t just caused by bad code; they stem from APIs being built, deployed, and monetized without security as a priority. Worse, most companies don’t even know how many APIs they have, let alone what they expose.