Data privacy used to be the realm of hospitals, banks, and fervent devotees of the Fourth Amendment to the US Constitution. Something we knew we wanted but conceptually assumed wouldn’t affect most people. Our dependence on the Internet for almost all aspects of daily life has changed that. In 2026, data privacy and cybersecurity are deeply intertwined. Protecting sensitive information isn’t just about stopping hackers.

Angular applications often rely on built-in protections to handle user input safely. However, a recently disclosed vulnerability shows how gaps in this trust can lead to client-side attacks when input is not properly handled. The vulnerability lies in Angular’s template sanitization logic, where improper handling of SVG elements during template compilation allows attackers to execute arbitrary JavaScript in a user’s browser.

2025 marked a pivotal year for SafeBreach as we took our first steps in our evolution from the pioneers in Breach and Attack Simulation (BAS) to the leader in Continuous Threat Exposure Management (CTEM). The year was marked by a number of impressive highlights, all of which we could not have achieved without the partnership of our employees, customers, and partners: Read on for more in-depth insights into the year that was 2025 for SafeBreach and a sneak peak at what’s in store for 2026.

This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue in Apache bRPC’s /pprof/heap profiler endpoint, was identified during broader analysis of diagnostic and debugging surfaces in the framework. The issue was discovered using Vulnhalla, CyberArk Labs’ AI tool that assists in triaging CodeQL results using an LLM.

Learn how a Threat Intelligence Platform (TIP) centralises, enriches, and prioritises threat data to deliver actionable cyber intelligence at scale.

The fact that you’re here is proof enough that API is somewhere disturbing your or your security team’s sleep. Whether it is 99% of organizations reporting API security issues in recent surveys, or it’s a compliance/client mandate. We know you are (fear you soon will be) grappling with shadow APIs, misconfigured endpoints leaking sensitive data, BOLAs, unauthorized access, and more.

In today's threat landscape, an effective endpoint protection platform (EPP) is the cornerstone of an organization’s security posture. Built on this foundation, the CrowdStrike Falcon platform has established itself as a pioneer of AI-native security, enabling organizations across every sector and size to unify and automate their defenses across endpoint, identity, cloud, and data.