Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The recently disclosed VMware ESXi vulnerabilities pose a serious security risk, enabling attackers to exploit virtualized environments through VM escape, remote code execution (RCE), privilege escalation, and data leakage. With cybercriminals actively targeting these flaws, organizations must act swiftly to secure their infrastructure.

Customer confidence is the fragile foundation of developing economies, and nowhere is this more true than Asia Pacific where phishing and customer account takeovers (ATO) threaten to bring that foundation crashing down. For financial institutions and airlines in APAC, scam-related fraud is no longer an isolated cost center—it is an existential risk to digital trust and economic growth.

On March 7, amid media focus on the first-ever White House Crypto Summit, the U.S.’s primary national bank regulator, the Office of the Comptroller of the Currency (OCC), quietly issued an interpretive letter that could have significant implications for how national banks engage with digital assets.

This past month, the Vanta team launched new features to help you: ‍

We are thrilled to announce that the GitGuardian App has become the most installed application on GitHub's Marketplace. We are proud to have passed this milestone, with over 418K developers and organizations trusting GitGuardian to detect secrets in their shared repositories. GitGuardian is now protecting over 12.7M individual repositories. We have been the number one installed security application for some time, but now we have become the single most utilized app across all categories.

At its core, cyber risk quantification (CRQ) is a data-driven process that, in the end, offers security and risk managers an overview of their enterprise’s exposure to cyber risk.

Cybersecurity incidents continue to make headlines, with the latest victim being Tata Technologies, a leading global engineering and technology services company. The HUNTUBS ransomware group has claimed responsibility for a major attack, leaking sensitive corporate data. The incident, which resulted in the theft of 1.4 TB of confidential data, has raised concerns about cybersecurity resilience among major enterprises.

Lazarus Group Strikes Again: North Korean Hackers Steal $1.46 Billion in Bybit Crypto Heist In recent weeks, the cryptocurrency community has been rocked by a series of high-profile thefts, including a $1.46 billion suspicious outflow from Bybit, a $11.5 million Coinbase social engineering scam, and an XRP laundering attempt linked to North Korea. Blockchain investigator ZachXBT has been actively tracking these incidents, mapping the stolen funds' movement across multiple chains.

Security analysts need clear visibility into potential threats to proactively defend against cyberattacks. Defining these threats can be challenging, but many security teams rely on the MITRE ATT&CK framework as a foundational resource for strengthening their defenses. While security platforms tag detections with MITRE ATT&CK tactics and techniques, analysts often struggle to assess their overall coverage across different attack surfaces.

CVE-2025-1094 presents a critical challenge to established SQL security paradigms, effectively circumventing fundamental best practices. Though initially reported over a month ago, the gravity of its implications warrants an extensive analysis. This vulnerability challenges the long-held assumption that proper escaping guarantees protection against SQL injection attacks.