Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber insurance is now a routine part of organisational risk management, particularly for organisations with complex IT estates and growing digital exposure. As cyber incidents continue to drive operational disruption and financial loss, insurers are placing greater emphasis on understanding the true level of cyber risk they are underwriting through insurance risk assessments. For senior IT leaders, this often creates friction.

Welcome to the 24th edition of Cloudflare’s Quarterly DDoS Threat Report. In this report, Cloudforce One offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2025, as well as share overall 2025 data.

The evolution of cyber threats is rendering many traditional firewalls obsolete as they are no longer capable of delivering the visibility and protection required in today’s environments. According to WatchGuard's Internet Security Report, network detected malware increased by 15% in the second quarter of 2025, a clear sign that legacy perimeter security solutions are no longer sufficient. Despite this reality, many companies continue to rely on outdated firewalls and hardware.

Sr. Technical Content Strategist The recent attention on OpenClaw brought something we've known for a while at LimaCharlie into sharp focus: Unrestricted AI operations are extremely powerful and incredibly risky. The security challenges presented by AI adoption can rival the productivity gains it delivers. Unrestricted AI agents can read credentials, execute commands, send emails, and make API calls without meaningful oversight.

Identity has become the defining security challenge for organizations navigating SaaS sprawl, AI adoption, and an increasingly distributed workforce.

Web application penetration testing has a reputation for being more complicated than it needs to be, as new testers are often dropped into a sea of tools and terminology with little guidance on how an objective test should flow. The same problem shows up higher up the org chart, with Founders, CTOs, and other technical leaders who regularly receive pentest reports packed with screenshots and acronyms but short on clarity: what actually matters, what can wait, or how serious the risk really is.

Zero-day exploits were among the defining cyber threats of 2025, with high-severity flaws affecting platforms such as React2Shell, Oracle E-Business Suite (EBS), and CitrixBleed 2 highlighting how quickly zero-days can be weaponized and how damaging they can be. To help organizations understand the zero-day threat landscape, Outpost24’s threat intelligence team has compiled a review of the vulnerabilities they encountered in the wild throughout 2025.

Manufacturing is facing a sharp rise in cyber attacks, driven by increased connectivity, IT/OT convergence, and complex supply chains. This blog explores the key threats targeting the sector and explains why proactive, intelligence-led cybersecurity is essential to protect operations and reduce risk.

Artificial intelligence has fundamentally changed how we build software. Generative AI tools help developers write code faster, automate mundane tasks, and solve complex logic problems in seconds. But this speed comes with a hidden cost. When you accelerate development without adjusting your security posture, you inadvertently accelerate risk. Relying on AI-generated code and open-source packages in cloud environments can expose your organization to serious, often silent, vulnerabilities.

Commodity phishing platforms are now a central component of the cybercriminal economy, according to researchers at Flare. These platforms allow threat actors of all skill levels to carry out advanced attacks at scale.