Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Migrating from Legacy WAFs to AI-Driven Managed WAAP: Why Execution Matters More Than Technology

In 2025, security benchmarks showed that over half of publicly disclosed vulnerabilities can bypass WAF protections when rule updates lag behind real-world exploits. Legacy WAFs were built for stable applications and predictable traffic. Today, frequent releases, API-driven architectures, and rapidly evolving attacks expose the limits of manual tuning and after-the-fact validation, leaving protection out of sync with reality.

Managed Bot Protection for SMBs: Protecting Growth, Reputation & Stability

According to the Indusface State of Application Security Report, SMBs now experience more attacks per application than large enterprises. Each SMB site facing an average of 2.24 million attacks per quarter, driven largely by malicious bot traffic and automated DDoS attempts. Despite this, many SMBs still operate with minimal security controls or legacy technology stacks, making them extremely vulnerable.

Managed DDoS Protection for E-commerce: Securing Online Store Availability

The digital storefront never sleeps, but in the first half of 2025, it has faced unprecedented hostility. According to the State of Application Security report 2025 Report, the threat landscape has shifted dramatically. E-commerce has become a primary target, with DDoS incidents in the retail and e-commerce sector spiking by 420%. Perhaps even more concerning is the vector of these attacks: attacks on APIs rose by 104%, with vulnerability exploitation increasing 13-fold.

Top tips: Secure your devices before you disconnect for the holidays

Top tips is a weekly column where we highlight what’s trending in the tech world and share ways to stay ahead. This week, as the holiday season rolls in and many of us finally take that much-needed break, let’s talk about something equally important: Stepping away from work safely. The holidays are all about resting–logging off and soaking in all the merry feelings. But to truly switch into that much-needed DND mode, it helps to secure your devices before you head out for the holidays.

20 Causes of Data Loss Threatening Businesses in 2026

Data is not just a strategic asset. It’s the lifeblood of your organization. Losing access to any strategic asset can threaten an organization’s viability; without plants and equipment, manufacturers would find it difficult to succeed, and service providers can’t operate without brand recognition. Similarly, without data, your organization could be left in a state of complete and utter paralysis, unable to function or recover.

Why Data, Not the Perimeter, Should Be the Core of Your Security Strategy

For decades, enterprise security strategy revolved around a simple assumption: if you could build a strong enough perimeter around your network, everything inside would remain safe. Firewalls, intrusion prevention systems, and VPNs became the bedrock of corporate defenses. The perimeter was the castle wall, and sensitive data lived safely inside.

Lazarus Group (APT38 / APT-C-26) Exploits WinRAR Vulnerability CVE-2025-8088 for Archive Poisoning Attacks

During routine threat research and monitoring of Chinese-language underground distribution channels, our team identified a malicious RAR archive. Specifically, this archive abuses a critical WinRAR directory traversal vulnerability to achieve arbitrary file write and persistence on Windows systems. To accomplish this, the archive leverages a combination of NTFS Alternate Data Streams (ADS) and directory traversal logic.

WeChat Phishing Attacks a Growing Threat Outside China

“Super-app” WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to mobile payments, ride booking, ordering food deliveries, paying bills and even accessing government services. Provided by Chinese technology conglomerate Tencent, WeChat has become deeply integrated into daily life in China and usage has been spreading globally. The app now boasts over 1.4 billion active users (24.8% of total internet users).

Unmasking the Deepfake Threat: A Game-Changer for Reducing Human Risk

Today, anyone can find a picture of absolutely anybody and it is also not difficult to find a sample of their voice. By combining these it is shockingly easy to create a realistic AI deepfake video of that person. The video may not be perfect, and an experienced AI deepfake enthusiast might be able to see signs of it not being real, but it will be good enough to fool 99% of people. Cybercriminals have been creating and using AI-enabled deepfake technologies since early 2024 to socially engineer people.

The next identity frontier: Automating PKI and certificate management before the 47-day era arrives

Every organization operates on a foundation of identity. Whether it’s a person logging into an app, an API connecting to a service, or a container spinning up in the cloud, every interaction begins with authentication. But here’s the shift most organizations are only starting to catch up to: machines now outnumber people by more than 80 to 1. These workloads and devices all depend on digital certificates to prove who they are. Those certificates are their identities.