Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The fact that you’re here is proof enough that API is somewhere disturbing your or your security team’s sleep. Whether it is 99% of organizations reporting API security issues in recent surveys, or it’s a compliance/client mandate. We know you are (fear you soon will be) grappling with shadow APIs, misconfigured endpoints leaking sensitive data, BOLAs, unauthorized access, and more.

Learn how a Threat Intelligence Platform (TIP) centralises, enriches, and prioritises threat data to deliver actionable cyber intelligence at scale.

2025 marked a pivotal year for SafeBreach as we took our first steps in our evolution from the pioneers in Breach and Attack Simulation (BAS) to the leader in Continuous Threat Exposure Management (CTEM). The year was marked by a number of impressive highlights, all of which we could not have achieved without the partnership of our employees, customers, and partners: Read on for more in-depth insights into the year that was 2025 for SafeBreach and a sneak peak at what’s in store for 2026.

On January 27, 2026, Fortinet released an advisory detailing a critical authentication bypass vulnerability affecting FortiOS, FortiAnalyzer, FortiManager, and FortiProxy products. Designated CVE-2026-24858, the vulnerability allows an unauthenticated threat actor with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.

On January 28, 2026, SolarWinds released fixes for multiple vulnerabilities impacting Web Help Desk (WHD). WHD is an IT service management platform that may contain sensitive information, making it a valuable target for threat actors if compromised. Among the vulnerabilities addressed, four were rated as critical: At the time of writing, Arctic Wolf has not observed exploitation of these vulnerabilities in the wild, nor identified a publicly available proof-of-concept exploit.

Security teams collect more data today than ever before. Logs are generated from endpoints, cloud services, identities, networks, and applications. Teams are still using traditional SIEM tools to handle this growing volume of data. This puts a lot of pressure on these tools, leading to significant deterioration in their efficiency. The data will continue to grow, resulting in slower searches and limited visibility. This problem can be addressed with data lakes.

LevelBlue has been recognized as a Major Player in the IDC MarketScape: Worldwide Managed Security Service Edge Services 2025 Vendor Assessment (IDC September 2025). The IDC MarketScape noted that, “Enterprises seeking a managed SSE service with multivendor flexibility and strong MDR integration should consider LevelBlue. Midmarket clients looking for cost-effective managed SSE options may also benefit from LevelBlue's tiered model.”

Humans have always sought to streamline productivity through the most convenient solutions available, prioritizing speed to stay ahead and gain an edge over the competition. From the assembly line to the cloud, the goal remains the same: do more with less friction. Today, that convenience is synonymous with AI. While these tools have revolutionized how we work, the reality remains that rapid innovation always comes with a hidden cost.

The EU Cyber Resilience Act (CRA) establishes mandatory cybersecurity requirements for most products with digital elements placed on the EU market. It raises the baseline for secure-by-design/default engineering and, critically, makes post-market security support and evidence production a compliance obligation.

As Winter Storm Fern made its way across the US this weekend, children across the country were glued to phones, computers, or televisions as they tried to guess how long they would be out of school this week. Little do they know, however, the data, science, and lack thereof, that goes into that decision. School closures are the very public end of a complex and fast-changing dataset that is highly dependent on locality and can be wildly different on either side of a district line.