When Gartner introduced Continuous Threat Exposure Management (CTEM) in 2022, it formalized a problem security teams had been struggling with for years: patching large volumes of vulnerabilities was not translating into meaningful risk reduction. CTEM reframed the problem. Instead of measuring progress by the number of CVEs addressed, it shifted focus to whether attackers could actually reach and exploit assets that matter to the business. What Gartner did not provide was a concrete recipe for execution.

The evolution of cyber threats is rendering many traditional firewalls obsolete as they are no longer capable of delivering the visibility and protection required in today’s environments. According to WatchGuard's Internet Security Report, network detected malware increased by 15% in the second quarter of 2025, a clear sign that legacy perimeter security solutions are no longer sufficient. Despite this reality, many companies continue to rely on outdated firewalls and hardware.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! On first glance, a eye watering headline. However it comes down to them leaving credentials in an S3 bucket… It would have happened anyway.

OWASP (Open Web Application Security Project) is a non-profit organisation that has been in existence since 2001. Its mission is to educate (provide direction) webmasters and security professionals about how to create, buy, and keep secure, trusted software applications.” In simple terms, OWASP is a group of application security companies and experts that work collectively to develop a list of the most serious security threats to web applications.

Crunchbase is a leading market intelligence platform that provides comprehensive data on private and public companies worldwide. Founded in 2007 and headquartered in San Francisco, California, the company serves over 80 million users, including investors, sales professionals, entrepreneurs, and business analysts.

Welcome to the 24th edition of Cloudflare’s Quarterly DDoS Threat Report. In this report, Cloudforce One offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2025, as well as share overall 2025 data.

You probably think the security mantra “you can’t protect what you don’t know about” is an inarguable truth. But you would be wrong. It doesn’t hold water in today’s threat landscape. Of course, it sounds reasonable. Before you secure APIs, you must first discover, inventory, and document them exhaustively. The problem is that this way of thinking has hardened into dogma and ignores how attackers actually attack modern systems.