Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2015, only about 40% of websites used HTTPS. Today HTTPS is used over 95% of the time. The ACME protocol made that shift possible. The Automatic Certificate Management Environment (ACME) protocol enables software to automatically prove domain control to a certificate authority without any human involvement. No more generating CSRs by hand. No more copy-pasting into web forms. No more waiting for validation emails. ACME largely solved certificate issuance.

Artificial intelligence is transforming how organizations operate, innovate, and compete. From employees using GenAI tools to boost productivity to engineering teams building sophisticated AI agents and applications, AI has become central to modern business operations. AI now operates across every part of the enterprise, spanning endpoints, applications, identities, cloud services, data, and SaaS platforms.

React2Shell is the name commonly used to describe a set of critical vulnerabilities affecting React Server Components (RSC) and frameworks that rely on them, including Next.js. Since disclosure, security teams have observed continued exploitation attempts targeting exposed applications, with attackers abusing the vulnerability to gain unauthorized code execution on affected servers.

In November 2024, Microsoft announced that multi-factor authentication (MFA) would become mandatory for all administrator accounts across Microsoft 365 (formerly Office 365), Azure, and Intune. Starting in 2025, admins without MFA enabled will no longer be able to access Microsoft’s admin portals. This rollout is happening in phases at the tenant level, and administrators who haven’t yet configured MFA will need to update their settings to stay compliant.

The 2025 Cloudflare Radar Year in Review is here: our sixth annual review of the Internet trends and patterns we observed throughout the year, based on Cloudflare’s expansive network view.

Ransomware attacks have grown stronger in the last few years. Attackers are now stealing data before locking it. They also pressure victims by posting stolen files on the internet. There are groups that sell ransomware kits, making these attacks easy to run. This has made things worse for businesses all around the world. Teams are looking for ransomware remediation tactics that help them recover fast and reduce the chance of the attacker returning.

If you missed the live walkthrough of Aikido AI Pentesting, here is the short version of what happened. We set up a real application, configured the assessment, and watched the agents test live flows, explore the app, and surface confirmed findings with full traces.

We’re making a fundamental change to how teams use SAST. SAST in the IDE is now free. This means developers can run SAST scans directly inside their editor, with real-time feedback and project-wide visibility, using the same analysis engine and SAST rules as Aikido. Detection runs automatically as developers work, without limiting coverage at the detection layer.

In the startup world, speed is oxygen. The mantra is familiar: move fast, ship the MVP, and break things if you have to. When you are fighting for traction, especially when building generative AI applications, privacy usually feels like a “nice-to-have.” It’s something you bolt on later once you have actual users and revenue. But treating data protection as a post-launch feature creates a specific, dangerous kind of liability.

Banks make money from trading and brokerage. JP Morgan’s Markets division: $31 billion in 2024 and Goldman Sachs: $26 billion, according to private industry analysis. Morgan Stanley’s wealth division made $28 billion. Digital assets don’t change the role banks play to earn this revenue. In fact, they extend it. But activity is migrating. Coinbase generated $4 billion in transaction revenue in 2024, the same intermediation function banks provide.