Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 06, 2025 Cyber Threat Intelligence Briefing

This week’s briefing covers: UK Defence Contractors Warn Staff Against Chinese EVs. UK defence firms, including Lockheed Martin and Thales, have advised staff against connecting mobile phones to Chinese-made electric vehicles (EVs) due to concerns over potential espionage and data theft. These vehicles, equipped with cameras, microphones, and internet connectivity, could be exploited by hostile states to collect sensitive information.

It's Time! All PCI 4.0 Requirements Are Now in Effect

Since April 2025, version 4.0.1 of the PCI DSS standard has become the sole reference for all companies handling payment card data. Whether it involves processing, storing, or simply transmitting, the security of banking data has become a non-negotiable priority in a digital world that is more vulnerable than ever. The digital landscape of endless online payment transactions across various sectors.

Scattered Spider and DragonForce: A Case Study in Human-Centric Cyber Threats

In April 2025, Marks & Spencer, the Co-op Group, and Harrods were all targeted by cyber-attacks that caused disruption across their services. Although attribution is still being confirmed, indicators strongly link these attacks to Scattered Spider, a group known for aggressive, human-centric tactics and high-profile breaches. This post is not an incident breakdown for each retailer.

What does it mean to be cyber resilient?

Achieving cyber resilience should be a priority for all! Everyone needs to pull their weight when it comes to protecting the lifeblood of your organization: your data. Let’s take a new approach to cybersecurity, one that assumes that cyber attacks WILL happen. Resilience means being ready for anything! Learn more about what it means to be truly cyber resilient by checking out the link in our bio.

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups.

RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)

On 5 May, 16:00 GMT+0, our automated malware analysis pipeline detected a suspicious package release, rand-user-agent@1.0.110. It detected unusual code in the package, and it wasn’t wrong. It detected signs of a supply chain attack against this legitimate package, which has about 45,000 weekly downloads.

The CEO, CFO, and Board's Expanding Role in Cyber Risk Management

Cyber risks have steadily grown more disastrous over the years, with a single event having the power to cause billions of dollars worth of damage. As business leaders watch the monetary losses pile up, whether facing them firsthand or witnessing industry peers absorb the blow, they have begun to realize that they can no longer conceive of cybersecurity as a technical duty managed solely under the chief information security officer’s (CISO’s) purview.

Leveling Up GRC: From Fragmented Controls to Strategic Integration

As the attack surface expands and organizations face pressure from evolving regulatory requirements, it becomes increasingly difficult to align compliance management with overall risk strategy. As a result, many organizations are managing compliance and risk separately, leading to redundancies, inefficiencies, and critical gaps that are overlooked or improperly managed.