Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In the days leading up to the publication of the Apache Camel Message Header Injection via Improper Filtering, now known as CVE-2025-27636, alarmist noise emerged from the wider cyber community, with Kevin Beaumont describing it as an “end of the world zero day” in Apache Camel, along with explicit details on how elements of this vulnerability worked.

In this case study, we walk through the journey of one of our service users and their family who were caught in a cyberstalking nightmare. From the initial report of stalking to the pursuit of justice, we follow their turbulent case marked by false allegations, manipulative tactics, and systemic obstacles.

Within the cybersecurity landscape, zero-day vulnerabilities have become a significant threat to companies, especially bigger enterprises. It is a form of cyberattack in which a security flaw that is undiscovered by the organization is exploited by attackers. Zero-day threats pose a serious challenge to enterprises as it becomes difficult to detect and mitigate an attack which is unknown.

AI code generation is exactly what it sounds like — using artificial intelligence to write and improve code. Tools powered by large language models (LLMs) and specialized AI systems can help developers generate boilerplate code, fix bugs, and even refactor entire sections of an application. And developers are leaning in. According to a GitHub survey, 92% of developers have already used AI coding tools at work or on personal projects.

Security is often seen as a roadblock in development, slowing releases and adding friction between teams. However, as software development cycles become faster and more complex, security must evolve from a blocker to an innovation driver. DevSecOps ensures security is a core part of the development workflow, and automation plays a crucial role in making this integration smooth and effective.

Application Programming Interfaces (APIs) have revolutionized connectivity and data sharing, but their pervasiveness has also created a new set of cybersecurity challenges. As businesses continually expand and update their applications, they often overlook APIs left behind by developers — shadow and zombie APIs — that continue to operate undetected. These abandoned APIs become silent risks, operating in the background, unknown to most security teams, and they can pose serious security threats.

In the world of information security, we love to believe that our countermeasures, defence in depth strategies and preventative controls will shield us from disaster. We invest in technology, develop policies, train our people and implement procedures – all in the hope that we’ll never face a serious security breach. But as any seasoned security professional will tell you, incidents are inevitable.

A critical aspect of manufacturing, energy, and transportation is Industrial Control Systems (ICS) and Operational Technologies (OT). The rapid pace of digital growth makes these systems susceptible to cyberattacks. OT and ICS system security is important, making penetration testing an essential activity. This tactic makes it possible to mitigate weaknesses so they are no longer vulnerabilities. It is an effective measure of asset protection.

2025 could be the most challenging year yet for the digital environment. As emerging factors such as the duality of AI, the rise in cybercrime, or the shortage of cybersecurity talent impact business, we ask the question, what should companies expect going forward?

With the rise of hybrid work and software-as-a-service (SaaS) applications for core business functions, as well as the near ubiquity of the cloud, organizations’ attack surfaces are no longer easily defined. In many cases, they are rapidly expanding. This presents both new opportunities for threat actors and new challenges for security teams, giving rise to a new tactic for security posture improvement — attack surface management.