Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Secure employee offboarding isn't happening fast enough to prevent employee data theft

Departing workers can pose significant risks to data. Let me share a story about an individual who stole and deleted valuable research data right before submitting his resignation: six weeks after a contingent worker left the company, the FBI contacted us. It turned out that the individual had tried to sell the company’s confidential data to a third party. When he left, everything seemed normal.

Managing shadow AI: best practices for enterprise security

The rush to work faster with artificial intelligence (AI) risks encouraging employees to accidentally put sensitive data at risk. Take this scenario: someone in the procurement team has a tight deadline, so they upload a confidential contract into an AI tool to review a few redlines. It’s unclear if the AI system is storing the data from the contract, how long it’ll be retained, and if the data will resurface in a future prompt to someone else.

Critical Middleware Vulnerability in Next.js (CVE-2025-29927)

Researchers have discovered a critical security vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures. The vulnerability, designated CVE-2025-29927, was discovered by Rachid Allam and Yasser Allam and has since been assigned a base CVSS score of 9.1. By skipping checks for authorization cookies, attackers can potentially gain access to restricted areas of applications like admin tools and dashboards.

World Backup Day: Backup Your Data Before It's Too Late!

Imagine waking up one day to find all your business files, customer records, or personal memories gone—forever. No warning, no way to recover them. Scary, right? That’s why World Backup Day exists. It’s a reminder to businesses and individuals to protect their critical files before disaster strikes. On March 31st, take the time to back up your data and ensure your information is secure—because losing data is no joke.

EP 4 - AI-Powered Fraud: Redefining the Identity Threat Landscape

Imagine receiving an urgent email from your bank that looks perfectly legitimate. It warns you of a suspicious transaction and prompts you to verify your identity. You hesitate but click, and suddenly, your credentials are compromised. This scenario, crafted by AI-powered fraud-as-a-service, is happening now.

Kubernetes IngressNightmare Vulnerabilities: What You Need to Know

We would like to recognize Amit Serper, Travis Lowe, Tony Gore, Adrian Godoy, Mihai Vasilescu, Suraj Sahu, Pablo Ramos, Raj Jammalamadaka, Lacie Griffin, and Josh Grunzweig for their contributions in authoring this publication. CrowdStrike is committed to protecting our customers from the latest disclosed vulnerabilities. We are actively monitoring activity surrounding “IngressNightmare,” the name given to recently identified vulnerabilities in the Kubernetes (K8s) ingress-nginx controller.

Empower Your Defense With Data Loss Prevention Controls and Automated Alert Remediation

In today's digital world, the stakes of data loss are high, and the cost of cybercrime continues to escalate. In fact, Ponemon Institute estimated that the average cost of a data breach was $4.45 million in 2023, a 15% increase over the previous three years. As a result, organizations are now deploying a combination of detection and remediation controls in addition to Data Loss Prevention (DLP) technologies. Why?

Backup: Why it's important to stay up to date with your data

Today, data is one of organizations' most valuable and vulnerable assets. Effective backups are essential for operational continuity and cybersecurity. With 80% of businesses exposed to ransomware attacks, this World Backup Day emphasizes the need to regularly back up critical systems to minimize downtime and ensure quick recovery from incidents. However, many organizations still face challenges with backup and restoration processes.