Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-29927 - Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability, CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases, exploitation of the vulnerability can also lead to cache poisoning and denial of service.

WatchGuard Wins CRN 5-Star for 9th Year, Dominating MSP Security

At WatchGuard, we proudly announce that our WatchGuardONE partner program has received the prestigious 5-star rating from CRN, a brand of The Channel Company, in the 2025 CRN Partner Program Guide. This marks the ninth consecutive year WatchGuard has earned this recognition, solidifying the commitment to providing the industry’s most powerful, profitable, and MSP-friendly security solutions.

Security Week 2025: in review

Thank you for following along with another Security Week at Cloudflare. We’re extremely proud of the work our team does to make the Internet safer and to help meet the challenge of emerging threats. As our CISO Grant Bourzikas outlined in his kickoff post this week, security teams are facing a landscape of rapidly increasing complexity introduced by vendor sprawl, an “AI Boom”, and an ever-growing surface area to protect.

Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks concerning cross-border data compliance.

How we standardized error handling at Vanta

I love working in monolithic repositories. It fosters collaboration, code reuse, and knowledge sharing—some of my favorite aspects of engineering culture here. However, without guardrails, complexity can grow unchecked, making it harder to reason about the system as a whole. In early 2024, it was clear that our error handling strategies had fallen victim to this, and it was impacting the quality of our product.

Ultimate Guide: Leveraging Intelligence to Prevent Card Fraud

Card fraud is evolving—fast. With unauthorised payment card fraud surpassing £275 million in the first half of 2024, businesses face increasing financial and reputational risks. Fraudsters steal physical cards, breach databases, and exploit digital channels, making fraud a low-risk, high-reward crime. The consequences? Lost revenue, customer trust, and compliance fines, with the average UK data breach now costing £3.5 million.

Why Principle of Least Privilege Matters More Than Ever in a World of Backdoored Large Language Models (LLMs)

The concept of “principle of least privilege” has been around for a long time. In fact, it is older than me; there are papers from the 70s that discuss it: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” (The protection of information in computer systems, Saltzer and Schroeder, 1974).

Streamline MSP operations: Application Control and OS Deployment features launched in Endpoint Central MSP Cloud

The landscape of managed service providers (MSPs) is constantly evolving, demanding greater efficiency and robust security. Today, we’re thrilled to announce a significant leap forward in our cloud-based MSP software: the release of Application Control and OS Deployment features in Endpoint Central MSP Cloud.

The Prime Cyber Battleground- How Hacktivists and APTs Are Intensifying Attacks

India has emerged as the globe's number one cyberattack target, with advanced persistent threat (APT) groups and hacktivist groups escalating their cyber assaults. From denial-of-service (DDoS) attacks to high-profile data breaches, cybercriminals are exploiting vulnerabilities in India's rapidly digitizing landscape.