November 24, 2025 Cyber Threat Intelligence Briefing
This week’s briefing covers: Dive deeper.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Beyond Web App Firewalls: How XDR Strengthens SQL Injection Prevention
The Critical Gap in Your SQL Injection Defense Your Web Application Firewall isn’t enough anymore. Despite WAF deployments, sophisticated SQL injection attacks continue bypassing perimeter defenses, with attackers exploiting JSON-based payloads, encoding techniques, and behavioral evasion methods that traditional signature-based detection simply cannot catch. Recent authoritative research reveals alarming trends.
How Airlines Can Stop Loyalty Account Takeovers Before Miles Are Stolen
The airline industry faces a critical security threat that cuts directly into profits and customer trust: loyalty account takeover (ATO) fraud. Frequent flyer miles function as a highly liquid digital currency. This drives a surge in theft across US carriers and global networks. Attackers are increasingly sophisticated. They use automated kits and deepfake phishing to seize accounts and quickly convert stolen miles into cash.
DPDP Rules 2025: The New Compliance Era and How AppTrana Helps You Get There
On 14 November 2025, the Government of India notified the Digital Personal Data Protection (DPDP) Rules, 2025, officially activating the DPDP Act, 2023. The Rules transform the law from a policy framework into a fully enforceable compliance regime, starting an 18-month implementation countdown for every business in India.
What is Headless WordPress and How Single Sign On (SSO) Secures It
WordPress powers more than 43% of all websites on the internet, making it the most widely used Content Management System (CMS) for everything from small blogs to enterprise sites. Its popularity comes from being easy to use, flexible, and supported by a large ecosystem of plugins and themes. In recent years, many businesses have started using WordPress in a new way called Headless. Industry research shows that nearly 64% of enterprise companies now use a Headless CMS strategy.
NIS2 Readiness in 90 Days | How EU Companies Can Avoid 2% Penalty Risks?
NIS2 is now active across the EU and companies can face fines up to 2 percent of global turnover if they fail to comply. This webinar explains who is in scope, what controls are mandatory, how incident reporting works and the fastest way to become NIS2 ready in 90 days. 1) Maximum fines: €10M or 2% global turnover (essential entities); €7M or 1.4% (important entities). 2) Typical reporting timeline companies are implementing: “24–72–30” — early warning within 24h, detailed notification within 72h, final report within 30 days (operationalization varies by Member State).
Azure Key Vault and Application Secrets and Certificates with Key Manager Plus
Managing certificates and client secrets across multiple Azure Key Vaults and applications manually? It's not just time-consuming, it's nearly impossible to do effectively. That's where Key Manager Plus comes in. Its seamless Azure integration gives you complete visibility and control over every certificate and secret across your Azure Key Vault and registered applications, all from one centralized dashboard.
SHA1-Hulud, npm supply chain incident
On November 24th, 2025, we identified a new supply chain attack in the npm ecosystem, referred to as SHA1-Hulud. We believe this is a second wave of the Shai-Hulud attack, which occurred in September 2025. Snyk will continue monitoring this active incident until it is resolved. Updates on this incident will be on our trust center.
The Hidden Security Risk in Your Atlassian Cloud Migration
For CISOs planning cloud migrations: Your decade of Jira and Confluence data contains thousands of exposed credentials, patient records, and payment card numbers. Here's how to clean it up and secure it after migration.
SPARK 2025: B2C2 CEO Cactus Raazi on Institutional Liquidity & Stablecoin Conversions w/ Fireblocks
SPARK 2025 | Customer Story In this discussion from SPARK 2025, Cactus Raazi, CEO of The Americas at B2C2, shares invaluable insights on the institutional adoption of digital assets, the strategic partnership between B2C2 and Fireblocks, and the future of stablecoins in the real economy.