Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

How a WAF Helps You Meet Key Compliance Standards

Web Application Firewalls (WAFs) have emerged as indispensable tools not only for blocking cyber threats but also for supporting compliance across various industries and jurisdictions. Whether you’re dealing with sensitive payment information, personal health records, or consumer data, a WAF can significantly simplify your compliance journey.

CVE-2025-31324: Maximum-Severity File Upload Vulnerability in SAP NetWeaver Exploited in the Wild

On April 24, 2025, SAP released fixes for CVE-2025-31324, a maximum-severity zero-day unrestricted file upload vulnerability in the NetWeaver Visual Composer component. Visual Composer is a tool within NetWeaver for creating applications and user interfaces. The vulnerability was discovered by ReliaQuest, which initially observed its exploitation in the wild.

FBI 2024 IC3 Report: Phishing Soars, Ransomware Batters Critical Infrastructure as Cyber Losses Climb

The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center issued the 25th edition of its annual report this month, again noting a jump in complaints and losses from phishing, ransomware, and data breaches among the leading cyber threats. Overall, the FBI’s 2024 IC3 report recorded $16.6 billion in losses, up from $12.5 billion in 2023, on 859,532 complaints received. The complaint count was down slightly from the 880,418 received in 2023.

Social Engineering Campaign Abuses Zoom to Install Malware

A social engineering campaign is abusing Zoom's remote control feature to take control of victims’ computers and install malware, according to researchers at security firm Trail of Bits. The operation targeted Trail of Bits’ CEO, who recognized it as malicious and didn’t fall for the attack. The researchers have attributed the campaign to the ELUSIVE COMET threat actor.

Guide: What is KMI (Key Management Infrastructure)?

One of the most critical elements of modern information security is encryption. Encryption is a complex field based solely on the arms race between people seeking secure ways to encode and encrypt data at rest and in transit and those seeking to break that encryption. Encryption is extremely commonplace. Most websites you visit use SSL, the Secure Sockets Layer, which uses encryption to secure data traveling between your device and the servers hosting the website.

Who Must Comply with NIST? A Compliance Guide

The National Institute of Standards and Technology (NIST) is a U.S. federal agency that develops and promotes measurement standards, including some of the most widely used cybersecurity frameworks in the world. While originally designed to strengthen the security posture of federal systems, NIST guidelines are now used across industries as a benchmark for best practices in information security, risk management, and compliance.

Trelica by 1Password recognized in the Gartner Magic Quadrant for SaaS Management Platforms

SaaS sprawl – the proliferation of applications within an organization, including unsanctioned shadow IT – has created an urgent need for IT and security leaders: keeping sensitive data secure while enabling employees to use the apps they need. That’s why we feel that Trelica by 1Password’s inclusion in the 2025 Gartner Magic Quadrant for SaaS Management Platforms marks more than just a milestone. It signals the growing need for unified SaaS governance and security.

Threat Replay Testing: Turning Attackers into Pen Testers

API security is no longer just a concern; it’s a critical priority for businesses. With APIs serving as the backbone of modern applications, they’ve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations exposed to evolving threats. Here’s where Threat Replay Testing (TRT) comes into play.

Opti9 Technologies Achieves AWS Premier Tier Status

Opti9 Technologies, a leading managed services provider specializing in cloud, security, and application modernization, recently announced that it has achieved Amazon Web Services (AWS) Premier tier in the AWS Partner Network (APN). Achieving AWS Premier Tier Services Partner status distinguishes Opti9 as a proven leader in designing, architecting, migrating, and managing workloads on Amazon Web Services (AWS), demonstrating deep expertise and a strong track record of customer success.

Your Network Evidence, Your SIEM, your way: Corelight's open SIEM strategy empowers SOCs with a unified experience

Security operations centers (SOCs) are under constant pressure to keep their organizations secure, while battling alert fatigue, tool sprawl, and ever-rising demands for speed and precision. Analysts today face an overwhelming landscape where context is thin, telemetry is inconsistent, and critical signals are buried in noise. At Corelight, we’re focused on one simple idea: Your network evidence should work wherever your SOC team does.