Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On February 12, 2025, Netskope Threat Labs reported a widespread phishing campaign using fake CAPTCHA images via Webflow CDN to trick victims searching for PDF documents on search engines. These PDF files lead to phishing sites designed to pilfer victims’ credit card and personal information. As we hunted for similar phishing campaigns, we discovered many more phishing PDF files with fake CAPTCHAs distributed across multiple domains.

In this episode of Security Matters, we dive into the world of retail technology and cybersecurity. Imagine a bustling retail chain during its busiest shopping season, only to be disrupted by a cyberattack. Our guest, Jason James, Chief Information Officer (CIO) at Aptos Retail, shares his insights with host David Puner on how to stay ahead of these threats.

AI has made good on its promise to deliver value across industries: 77% of senior business leaders surveyed in late 2024 reported gaining a competitive advantage from AI technologies. While AI tools allow developers to build and ship software more efficiently than ever, they also entail risk, as AI-generated code can contain vulnerabilities just like developer-written code. To enable speed and security, DevSecOps teams can adopt tools to integrate security tasks into developer workflows.

How good is Symbolic AI as an automated expert system for analyzing code paths and detecting security vulnerabilities? Snyk Code is tested and demonstrates the benefits of rule-based, algorithmic systems.

Read also: Three arrested for hacking hospital CCTV and selling videos of female patients, hacker responsible for 90+ data breaches worldwide arrested in Thailand, and more.

Companies are being warned that malicious hackers are using a novel technique to break into businesses - by pretending to offer audits of the company's cybersecurity. With ransomware and other cybersecurity threats high in the mind of many business owners, it is all too easy to imagine how many companies might react positively to an invitation to have the security of their networks tested.

Many organizations have a vulnerability management (VM) problem without knowing it. Vulnerability management is a crucial component of any organization’s cybersecurity program and is required by most major compliance standards because of its sink-or-swim impact on network security. One of the biggest issues in VM is that organizations aren’t testing the entirety of their networks. Could yours be among them?

Identity providers (IdPs) or Identity and Access Management (IAM) solutions are essential for implementing secure and efficient user authentication and authorization in every application. By centralizing user identity management, IdPs streamline the verification of user credentials and grant access to various resources. This post is the second part of our journey into open source IAMs.

The State of Software Security (SoSS) 2025: A New View of Maturity, our 15th year publishing the report, highlights a critical shift in how organizations approach security maturity. This transition focuses on major risks and uses continuous feedback loops to identify and mitigate them. Key metrics such as flaw prevalence, fix capacity, fix speed, debt prevalence, and open-source debt are essential for benchmarking and improving security maturity.

CrowdStrike has been named a Leader in The Forrester Wave: Managed Detection and Response (MDR) Services, Q1 2025. Forrester researched, analyzed, and scored the ten most significant vendors in the MDR market. CrowdStrike was named a Leader and ranked highest of any vendor evaluated in the Strategy category.