
World Backup Day: Backup Your Data Before It's Too Late!

Imagine waking up one day to find all your business files, customer records, or personal memories gone—forever. No warning, no way to recover them. Scary, right? That’s why World Backup Day exists. It’s a reminder to businesses and individuals to protect their critical files before disaster strikes. On March 31st, take the time to back up your data and ensure your information is secure—because losing data is no joke.

Critical Middleware Vulnerability in Next.js (CVE-2025-29927)

Researchers have discovered a critical security vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures. The vulnerability, designated CVE-2025-29927, was discovered by Rachid Allam and Yasser Allam and has since been assigned a base CVSS score of 9.1. By skipping checks for authorization cookies, attackers can potentially gain access to restricted areas of applications like admin tools and dashboards.

Managing shadow AI: best practices for enterprise security

The rush to work faster with artificial intelligence (AI) risks encouraging employees to accidentally put sensitive data at risk. Take this scenario: someone in the procurement team has a tight deadline, so they upload a confidential contract into an AI tool to review a few redlines. It’s unclear if the AI system is storing the data from the contract, how long it’ll be retained, and if the data will resurface in a future prompt to someone else.

Secure employee offboarding isn't happening fast enough to prevent employee data theft

Departing workers can pose significant risks to data. Let me share a story about an individual who stole and deleted valuable research data right before submitting his resignation: six weeks after a contingent worker left the company, the FBI contacted us. It turned out that the individual had tried to sell the company’s confidential data to a third party. When he left, everything seemed normal.

How CISOs can justify their cybersecurity budget

Every year, companies reevaluate their budgets, making tough calls on where to invest for the most impact. In many organizations, cybersecurity spending is often seen as a cost center. However, without adequate security investments, companies put themselves at greater risk for data breaches that could disrupt business operations and damage customer trust, ultimately costing the company a lot more in the end.

The EU AI Act: Key deadlines, risk levels, and steps to prepare

The EU AI Act is one of the world’s first comprehensive regulations aimed at AI-based systems. While we had voluntary standards like ISO 42001, the Act introduced mandatory requirements that in-scope organizations must meet to avoid considerable fines and operational disruptions. If you develop, use, or distribute AI systems, you may have to meet the obligations prescribed by this directive. Our EU AI Act summary will help you do so by covering:

Policy Implications from the Rise of State-Sponsored Crypto Crime

Supporting Japan FinTech Week has become a Fireblocks tradition. This March, we, as many in the ecosystem, chose to re-contextualize planned contributions and engagements as the week-long Tokyo event was the first significant global gathering of both regulators and industry after the Bybit hack.

Enhancing Kubernetes Security: Strategies for Effective Secrets Management

Kubernetes powers modern application deployments, yet safeguarding its secrets remains a formidable challenge. In a 2024 report, IBM estimated that 16% of data breaches stemmed from compromised credentials, resulting in significant financial losses. The recent attack involving a stolen API key at the U.S. Treasury Department highlights the vulnerability of even well-protected systems.