
API Security Testing with DAST vs. SAST Approaches

API security breaches have reached a crisis point, with 57% of organizations experiencing API-related breaches in the past two years. Only 13% of organizations can prevent more than 50% of API attacks, while 84% of security professionals experienced an API security incident in the past year. The average cost to remediate API incidents was $591,404 in the United States, increasing to $832,801 in the financial services sector.

Role of DAST in DevSecOps Maturity Models

Over the past few years, the software industry has undergone a significant shift in how businesses approach security. The old model of responding to problems after the fact is no longer viable; organisations are moving to a security-first approach, where security is a priority throughout the entire development process. This transition is more than a change in timing, however; it is a complete reevaluation of how security aligns with development and operations.

Spotting Scams and Phishing in Under 60 Seconds: A Simple Checklist Anyone Can Use

Scams are getting slick, but your best defense is still fast, calm thinking. In one minute, you can scan any email, text, or DM and decide if it’s safe. Use the checklist below, then save the quick steps for what to do if you already clicked.

Chaotic Deputy: Critical vulnerabilities in Chaos Mesh lead to Kubernetes cluster takeover

JFrog Security Research recently discovered and disclosed multiple CVEs in the highly popular Chaos engineering platform – Chaos-Mesh. The discovered CVEs, which we’ve named Chaotic Deputy are CVE-2025-59358, CVE-2025-59360, CVE-2025-59361 and CVE-2025-59359. The last three Chaotic Deputy CVEs are critical severity (CVSS 9.8) vulnerabilities which can be easily exploited by in-cluster attackers to run arbitrary code on any pod in the cluster, even in the default configuration of Chaos-Mesh.

Automate Network Intelligence with the Forward Networks API

The Forward Networks platform creates a complete digital twin of your network—but the power of that data multiplies when it’s accessible via API. Whether you’re pushing insights into dashboards, validating changes before rollout, or automating ticket generation, the API puts your network state into your workflows.

Linux Version 6.17 - Pre-Release Preview from a Security Perspective

Linux kernel v6.17 is on the horizon (expected release by the end of September 2025 – Canonical said to release 25.10 with the new kernel in early October), and it brings some interesting security-focused improvements. This release continues Linux’s trend of hardening the kernel against both hardware-level vulnerabilities and general attack vectors, while refining security subsystems for better performance and maintainability.

Wormable Malware Causing Supply Chain Compromise of npm Code Packages

On September 15, 2025, reports surfaced that the widely used npm package @ctrl/tinycolor had been compromised by malware as part of a broader supply chain attack affecting over 40 packages initially, with the number rising to more than 180 according to Aikido’s blog. Upon further investigation, the first malicious package that was identified as compromised in this campaign was rxnt-authentication, which was updated on September 14, 2025, at 17:58:50 UTC.

Read the SASE reviews, then read between the lines.

Every single-vendor SASE provider claims convergence, cloud-native design, advanced security, Zero Trust, and AI readiness. That’s the baseline. What enterprises need to know is how those claims hold up after deployment. Most head to Gartner Peer Insights as part of their recon because real-world feedback is the best reality check. Gartner is arguably the most recognized analyst in tech, trusted by thousands of organizations for impartial, considered research.

Meet Scattered Spider: The Group Currently Scattering UK Retail Organizations

First published May 8th 2025. Updated Sept 16th 2025.

Editor’s Note: This blog builds on our recent analysis of the DragonForce ransomware cartel, which claimed responsibility for a wave of UK retail attacks in April–May 2025. While DragonForce took credit for the extortion and data leak phase, growing evidence suggests that another group—Scattered Spider—may have played a foundational role in enabling those attacks.