Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Deepfake attacks have become more compelling and realistic than ever before. Attackers are impersonating trusted leaders with convincing videos and voice, making it harder for employees to know what is real. Traditional awareness training is a good start, but nothing replaces first-hand exposure to real and synthetic content when it comes to telling deepfake videos from authentic ones. That’s why today we’re introducing KnowBe4’s Deepfake Training Content.

Malwarebytes warns that threat actors are abusing the free Cloudflare Pages service to host phishing portals, helping the phishing sites avoid detection by security scanners. The attackers are building fake login pages impersonating banking, insurance, and healthcare entities. The pages are designed to harvest credentials as well as security questions and multifactor authentication codes.

Millions of homes, businesses, and hospitals depend on solar power, a clean and cost-effective source of renewable energy. Adoption has accelerated worldwide thanks to major government initiatives such as the Inflation Reduction Act (IRA) in the U.S., the Renewable Energy Directive (RED II) in the EU, the Smart Export Guarantee in the UK, and Australia’s Small-scale Renewable Energy Scheme (SRES). As clean energy infrastructure expands, a new vulnerability is emerging.

Managing applications on Red Hat OpenShift gets complicated quickly. Updates break things, scaling requires constant attention, and recovery from failures eats up valuable time. OpenShift Operators eliminate these headaches by automating tasks that normally demand manual work from your team. These Kubernetes-native tools package, deploy, and manage services across your cluster.

In 2015, only about 40% of websites used HTTPS. Today HTTPS is used over 95% of the time. The ACME protocol made that shift possible. The Automatic Certificate Management Environment (ACME) protocol enables software to automatically prove domain control to a certificate authority without any human involvement. No more generating CSRs by hand. No more copy-pasting into web forms. No more waiting for validation emails. ACME largely solved certificate issuance.

Artificial intelligence is transforming how organizations operate, innovate, and compete. From employees using GenAI tools to boost productivity to engineering teams building sophisticated AI agents and applications, AI has become central to modern business operations. AI now operates across every part of the enterprise, spanning endpoints, applications, identities, cloud services, data, and SaaS platforms.

React2Shell is the name commonly used to describe a set of critical vulnerabilities affecting React Server Components (RSC) and frameworks that rely on them, including Next.js. Since disclosure, security teams have observed continued exploitation attempts targeting exposed applications, with attackers abusing the vulnerability to gain unauthorized code execution on affected servers.

In November 2024, Microsoft announced that multi-factor authentication (MFA) would become mandatory for all administrator accounts across Microsoft 365 (formerly Office 365), Azure, and Intune. Starting in 2025, admins without MFA enabled will no longer be able to access Microsoft’s admin portals. This rollout is happening in phases at the tenant level, and administrators who haven’t yet configured MFA will need to update their settings to stay compliant.

The 2025 Cloudflare Radar Year in Review is here: our sixth annual review of the Internet trends and patterns we observed throughout the year, based on Cloudflare’s expansive network view.

Ransomware attacks have grown stronger in the last few years. Attackers are now stealing data before locking it. They also pressure victims by posting stolen files on the internet. There are groups that sell ransomware kits, making these attacks easy to run. This has made things worse for businesses all around the world. Teams are looking for ransomware remediation tactics that help them recover fast and reduce the chance of the attacker returning.