On April 24th, 2025, SAP disclosed CVE-2025-31324, a critical missing authorization check vulnerability (CVSS 10.0) affecting the Metadata Uploader component of SAP NetWeaver Visual Composer. This vulnerability fails to restrict file upload content, allowing unauthenticated remote attackers to achieve full remote code execution (RCE) on affected servers.

The pace of innovation in generative AI has been nothing short of explosive. What began with users experimenting with public apps like ChatGPT has rapidly evolved into widespread enterprise adoption. AI features are now seamlessly embedded into everyday business tools, such as customer service platforms like Gladly, HR software like Lattice, and even social media networks like LinkedIn.

On April 16, 2025, a critical moment unfolded in the cybersecurity world when the U.S. Department of Homeland Security’s funding for the Common Vulnerabilities and Exposures (CVE) Program, operated by MITRE, was set to expire. The CVE system is a globally relied-upon database for cataloging known cyber vulnerabilities and has been a cornerstone of vulnerability management for over 25 years since its public launch in 1999.

Tanium plans to bring the power of autonomous endpoint management with real-time visibility to web browsers providing a stronger front against cyber-attacks.

Fireblocks is now working with Calastone, the largest global funds network, to support Web3 connectivity within Calastone’s Tokenised Distribution solution, a first-of-its-kind solution enabling asset managers to tokenise any fund on Calastone’s network and distribute it across blockchains such as Ethereum and Polygon. Fireblocks is providing secure infrastructure components that enable integration with Web3-native distributors.

In today’s digitally driven world, cybersecurity is no longer just an IT concern, it’s a business imperative. Enter the Chief Information Security Officer (CISO): the executive responsible for overseeing an organisation’s information and cybersecurity strategy. From managing threats and risks to ensuring compliance and resilience, a CISO is critical in protecting a company’s digital assets and reputation.

For several years now, adversaries and red teams have increasingly leveraged Living-off-the-Land Binaries (LOLBins) techniques to compromise targeted systems. By exploiting pre-installed, legitimate software, these attackers are able to evade detection tools, seamlessly blending malicious activities with normal system processes. This approach presents a significant challenge for traditional security measures, which often struggle to differentiate between legitimate use and malicious intent.

It is no secret that AI is advancing at a blistering pace for everyone – including cyber adversaries. The mainstream unveiling of generative AI in 2024 brought about the biggest disruption in computing since the microprocessor. AI solutions promise the world unprecedented levels of efficiency, speed, and automation. However, this seemingly utopian and disruptive technology is evolving more quickly than governance and regulations can keep pace and implement guard rails for use and adoption.

The best security outcomes come from the intersection of security expertise and the ability to act based on risk levels. At Arctic Wolf, we are laser focused on security outcomes for the security leaders and teams across our solutions — Arctic Wolf Managed Detection and Response (MDR), Aurora Endpoint Security, Arctic Wolf Managed Risk, Arctic Wolf Managed Security Awareness , Arctic Wolf Incident Response, as well as risk transfer with the Arctic Wolf Security Operations Warranty.