Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-55131 is a high-severity buffer allocation race condition vulnerability in Node.js that can lead to uninitialized memory exposure when using the vm module with execution timeouts. This vulnerability is part of a coordinated Node.js security update addressing eight vulnerabilities across all active release lines.

A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed attackers to gain complete control over GitHub repositories used in AWS CI/CD pipelines, including the widely used AWS JavaScript SDK, introducing a severe software supply chain risk. This vulnerability, codenamed CodeBreach, stemmed from insufficiently restrictive CI pipeline configurations, build triggers, and webhook filters.

According to State of Application Security Report 2025, automated bot attacks surged by 147% year-over-year. This growth highlights a fundamental shift in the threat landscape, where attackers increasingly rely on intelligent automation rather than manual exploitation. For insurance platforms, the impact is direct and measurable. Bot traffic targets logins, agent dashboards, quote engines, claims, and APIs, where even low-volume automation can drive fraud, data exposure, and backend strain.

$140 million Series D. $1.2 billion valuation. A Nasdaq takeover. Trevor loose in Manhattan. It’s been a week. From Bloomberg breaking the news to our Torq skeleton on screen through Times Square, Torq’s unicorn moment played out across every major business and cybersecurity outlet — and a few NYC sidewalks. But beyond the headlines (and the chaos), the coverage revealed something bigger: the market has officially declared that the AI SOC is the future of security operations.

When you think about an IRS publication, you’re probably thinking about the complex forms you need to fill out, usually relating to taxes. That’s not all the IRS publishes, though, and one of the more important documents they maintain is called Publication 1075. When it comes to sensitive information for everyday Americans and private sector businesses, there’s very little more important and more sensitive than tax information.

Over the past few years, artificial intelligence (AI) has supercharged deepfake technology. Creating a fake picture, video, or audio recording of a person used to require a considerable investment of both time and technical skills. Now, generative AI (genAI) platforms can whip up convincing deepfakes in minutes, using only a single photo or short voice clip as a starting point.

Egnyte is proud to partner with Anthropic in the next phase of Claude for Financial Services—making it easier than ever for sales, investment, and compliance teams to bring their content, context, and institutional knowledge directly to Claude with governed, secure access. As financial institutions race to unlock insights from decades of documents, models, and market data, the challenge has never been simply access.