Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

India has taken a decisive step toward shaping a responsible and inclusive AI future. The Government of India’s AI Governance Guidelines (2025) mark a bold framework that balances innovation, accountability, and trust—three pillars critical for sustainable AI growth. At a time when the world is debating the risks and rewards of artificial intelligence, India’s approach stands out for its clarity and cultural grounding.

We have some big news to share today: Replicate, the leading platform for running AI models, is joining Cloudflare. We first started talking to Replicate because we shared a lot in common beyond just a passion for bright color palettes. Our mission for Cloudflare’s Workers developer platform has been to make building and deploying full-stack applications as easy as possible. Meanwhile, Replicate has been on a similar mission to make deploying AI models as easy as writing a single line of code.

Welcome to The researcher’s desk – a content series where the Detectify security research team conducts a technical autopsy on vulnerabilities that are particularly interesting, complex, or persistent. For this issue, we look at CVE-2025-64446, a critical authentication bypass that has been actively exploited in the wild, targeting Fortinet’s Web Application Firewall (WAF) product, FortiWeb.

Security questionnaires are now a standard part of doing business. Whether you’re closing enterprise deals or expanding into regulated markets, every buyer expects proof of your security posture—often in the form of long, repetitive questionnaires. The challenge isn’t finding the answers; it’s answering fast and consistently across formats, languages, and requirements. ‍ That’s where security questionnaire automation software comes in.

BlueVoyant’s Threat Fusion Cell and SOC have been tracking a significant and persistent social engineering campaign that cleverly exploits trusted communication channels to gain initial access to target networks. Since at least mid-October 2025, BlueVoyant has observed a consistent playbook where threat actors employ inbox sabotage as a pretext for highly convincing IT support impersonation over Microsoft Teams.