What is a cloud workload protection platform (CWPP)? Security for the workloads actually running in your cloud—VMs, containers, and serverless functions doing real work. Unlike posture management (CSPM) that checks configurations, CWPPs monitor processes, network connections, and application behavior to catch threats as they happen. What’s the difference between CSPM, CWPP, CNAPP, and CADR? CSPM scans cloud settings for misconfigurations. CWPP protects running workloads.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! You might want to get on to this…

Unused SaaS licenses are a budget drain and a security risk. The need to easily track and manage SaaS licenses and identify unused ones is a challenge that every modern organization faces.

What is ADR (Application Detection & Response)? A security tool that monitors application-layer behavior—API calls, function execution, code paths—to detect and respond to threats in real-time. Different from EDR (endpoint-focused) or CDR (cloud infrastructure-focused), ADR sees what’s happening inside your applications. Why do most ADR solutions fail? They only see one layer.

Due to growing awareness of data privacy risks, organizations face mounting pressure from regulators to safeguard sensitive personal information. This can be particularly challenging for US companies, which must adhere to both domestic regulations, such as the CCPA and HIPAA, as well as international frameworks in their target global markets.

In the last few years, many of the largest data exposures haven’t come from broken pages or leaked databases. They’ve come from APIs. Public reports around large-scale scraping incidents at companies like Meta and LinkedIn showed how exposed APIs, not traditional web flaws, were used to pull massive volumes of user data at scale. This isn’t an edge case anymore. APIs now sit at the center of how enterprises move data between applications, partners, and customers.

Criminal infrastructure often fails for the same reasons it succeeds: it is rushed, reused, and poorly secured. In the case of StealC, the thin line between attacker and victim turned out to be highly exploitable. StealC is an infostealer malware that has been circulating since early 2023, sold under a Malware-as-a-Service (MaaS) model and marketed to threat actors seeking to steal cookies, passwords, and other sensitive data from infected computers.

As per Verizon’s 2025 DBIR, system intrusion, social engineering, and web application attacks form: This makes web applications one of the most common and important egress points into your business systems and customer data, and that’s why even a single undetected vulnerability here can cascade into revenue-devouring breaches, hefty compliance violations, and reputational damage that may as well take years to repair.