Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps. The attackers managed to place at least 331 malicious apps in the Play Store. In addition to displaying full-screen ads, some of the apps also directed users to phishing sites designed to harvest their credentials. “Most applications first became active on Google Play in Q3 2024,” Bitdefender says.

Cloudflare Email Security customers using Microsoft Outlook can now enhance their data protection using our new DLP Assist capability. This application scans emails in real time as users compose them, identifying potential data loss prevention (DLP) violations, such as Social Security or credit card numbers. Administrators can instantly alert users of violations and take action downstream, whether by blocking or encrypting messages, to prevent sensitive information from leaking.

In today’s world, cybersecurity is more critical than ever. Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is something as simple as a password. Recently, KnowBe4 has shed light on a concerning trend in Denmark and Sweden: a significant number of employees aren't using strong passwords.

Today is the final day of Security Week 2025, and after a great week of blog posts across a variety of topics, we’re excited to share the latest on Cloudflare’s data security products. This announcement takes us to Cloudflare’s SASE platform, Cloudflare One, used by enterprise security and IT teams to manage the security of their employees, applications, and third-party tools, all in one place.

Traditional vulnerability management is broken. It is ineffective. The process of scanning for software vulnerabilities, prioritizing based on CVSS scores, and fixing what you can has become an endless patch cycle. The need for a better approach is clear. Different scanning tools are creating millions of alerts, obscuring critical risks within the noise. Organizations need to go beyond finding and patching vulnerabilities and opt in to a more effective approach to managing exposures.

On March 17th, 2025, security researchers confirmed active exploitation of Apache Tomcat’s recently disclosed vulnerability, CVE-2025-24813. Publicly disclosed on March 10th, the earliest signs of exploitation were observed on March 12th, with attackers leveraging the flaw just 30 hours after disclosure. This vulnerability enables Remote Code Execution (RCE) and information disclosure by exploiting Tomcat’s request-handling mechanism.

Every day, organizations expose their APIs, unknowingly allowing cybercriminals to try and exploit them. A single vulnerability can lead to massive data breaches or help gain unauthorized access. Worst Part? Most organizations realize the weakness when it’s already too late. Without strong security measures, your API is a prime target for attackers trying to exploit unpatched vulnerabilities or misconfigurations in the environments.

Governmental cybersecurity is largely focused on federal government agencies. When we talk about FedRAMP, CMMC, DFARS, and other security standards, it’s almost always with an eye toward the governmental agencies and departments that comprise the federal government and the contractors and suppliers that work with them. For private businesses and non-governmental partners, ISO 27001 provides a great security framework. What about the middle ground, though?