Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

According to the Indusface State of Application Security Report, SMBs now experience more attacks per application than large enterprises. Each SMB site facing an average of 2.24 million attacks per quarter, driven largely by malicious bot traffic and automated DDoS attempts. Despite this, many SMBs still operate with minimal security controls or legacy technology stacks, making them extremely vulnerable.

In 2025, security benchmarks showed that over half of publicly disclosed vulnerabilities can bypass WAF protections when rule updates lag behind real-world exploits. Legacy WAFs were built for stable applications and predictable traffic. Today, frequent releases, API-driven architectures, and rapidly evolving attacks expose the limits of manual tuning and after-the-fact validation, leaving protection out of sync with reality.

If you manage security in an enterprise nowadays the cloud likely seems less, like a fixed goal and more like a shifting aim. New cloud accounts emerge quicker than you can assess them. Various teams select providers. SaaS applications are linked with a few clicks and before you know it vital data is transferring through platforms missing from your risk documentation. You are required to maintain the security of all this demonstrate adherence and yet not hinder the business’s progress.

At this time last year, LevelBlue asked its experts to offer up some thoughts on what the coming year, 2025, would bring. So, with a year of hindsight, let’s keep ourselves honest and take a look to see what we got right and where we were a bit off. December 2025.

Telecom networks are the backbone of the digital economy. They must deliver secure, always-on connectivity at scale, supporting everything from critical national infrastructure to everyday consumer services. But cyber resilience today is no longer defined by uptime alone. It is about the ability to withstand, detect, and respond to highly targeted cyber threats that are designed to exploit the very fabric of telecom environments.

On December 18, 2025, WatchGuard released fixes for CVE-2025-14733, a critical out-of-bounds write vulnerability in the Internet Key Exchange daemon (iked) process used to establish VPN tunnels in Fireware OS, which powers Firebox firewall appliances. Exploitation of this vulnerability allows a remote, unauthenticated threat actor to execute arbitrary code. WatchGuard has confirmed in-the-wild exploitation in their advisory.

An Acceptable Use Policy (AUP) is a strategic compliance tool that protects people, data, and systems while setting clear expectations for technology use. A well-crafted AUP turns subjective norms into measurable rules that everyone in the organization can follow, helping mitigate legal, security, and operational risk. By standardizing acceptable behavior and linking usage rules to broader governance and risk management objectives, companies create shared understanding and accountability across teams.

Eighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the Identity Theft Resource Center (ITRC) has found. The report notes that external hackers have overtaken malicious insiders as the most common root cause of these incidents. This trend is partially driven by AI-assisted social engineering attacks, which were cited as a root cause by more than 41% of victims.

Every cloud service provider that seeks an authorization to operate with the federal government using the FedRAMP framework has to undergo and pass an audit. Beyond passing the audit, the CSP needs to keep and maintain proof of not just their external audit, but also internal audits, continuous monitoring results, and more.

Modern businesses need faster, more accurate ways to capture data and move it securely across teams. Paper forms, manual uploads, and scattered files slow work down and introduce unnecessary risk. With GoFormz and Egnyte, organizations can digitize field data capture while ensuring information is securely stored, governed, and ready for collaboration.