Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerability affects SharePoint Server 2016, 2019, and the Subscription Edition, along with unsupported 2010 and 2013 versions. Cloudflare’s WAF Managed Rules now includes 2 emergency releases that mitigate these vulnerabilities for WAF customers.

We’re excited to announce a major Seemplicity release packed with new AI-driven features that help you fix faster, prioritize better, and streamline remediation at scale. This release introduces breakthrough capabilities that reduce noise, provide clarity, and eliminate bottlenecks between identifying risks and resolving them.

Recognizing the need to better protect organizations that rely on operational technology (OT), Trustwave is advancing its OT security services portfolio. Trustwave now delivers end-to-end visibility and threat response across IT and OT environments, enabling better detection, investigation capabilities, and response to threats targeting critical infrastructure by being integrated Trustwave’s Co-Managed SOC and penetration testing services.

Real maturity doesn’t come until AI is integrated into the operational fabric.

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Qubit Conference Prague 2025 brought together some of the sharpest minds in cybersecurity—and Cato CTRL made sure to leave a mark. Not only did we share insights on AI-powered security, but we also marked a major milestone: the opening of our new R&D office in Prague. This expansion strengthens our global footprint and taps the best in the local engineering and development talent to help with the kinds of projects we present at Qubit.

I’ve been following ransomware since the first one, the AIDS Cop Trojan, was released in December 1989. It locked up victim computers and asked for $300 to be sent to a Panama P.O. Box. A lot has changed since then. The invention of cryptocurrencies, particularly Bitcoin in January 2009, was largely responsible for the explosion of ransomware by 2013. This was when CryptoLocker ransomware was released to the world. Ransomware gangs have been making many billions of dollars per year ever since.

Software-as-a-Service adoption is exploding, but security teams are struggling to keep up. The Cloud Security Alliance’s 2025 SaaS Security Survey has revealed that while investment in and attention to SaaS security are on the rise, genuine control remains elusive, especially when it comes to configuration management, identity governance, and visibility.

For decades now we’ve been locked in this game of cat-and-mouse where attackers develop a new technique and defenders catch up, or defenders introduce a new control and attackers adapt. From the evolution of network security to identity and access control, many of our technical controls have matured into strong and reliable defences. Yet as we continue to see in the media, attackers continue to get in, compromising even the most mature and secure of environments, in seemingly simple way.

In our 1,200-plus Sentinel deployments, we've seen the same pattern play out repeatedly. Security teams forced to choose between comprehensive visibility and manageable costs. Logs getting aged out just when they become most valuable for investigations. Compliance requirements colliding with retention budgets. The pressure to do more with less doesn't come with a pause button. And until now, that pressure has meant making hard choices about what security data to keep and what to let go.