Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On August 5, 2025, Trend Micro released a short-term mitigation tool addressing two critical command injection vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Apex One. These flaws affect the on-premise Apex One Management Console and have been exploited in the wild. Both stem from a command injection issue that allows unauthenticated, remote threat actors to execute arbitrary code on vulnerable systems. While the vulnerabilities are similar, they differ based on the targeted CPU architectures.

Today, Snyk is launching a powerful enhancement to our API discovery capabilities through a strategic partnership with Akamai. This integration is designed to solve one of the most significant challenges in modern application security: the difficulty of providing API schemas for DAST scanning. By directly ingesting API inventories and their corresponding schemas from Akamai, we are transforming a difficult manual process into a seamless, automated workflow within the Snyk platform.

Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business.

What if I told you that compromised credentials still remain the number one avenue of initial access in all cyber security breaches? It’s no exaggeration — according to the Cisco Talos IR Trends report for Q1 2025, over half of all incidents reported involved the use of valid credentials. The 2025 Verizon Data Breach Investigations Report claims credential abuse accounted for 22% of all confirmed breaches.

Welcome, Chefs! Today we are excited to announce the release of The Threat Hunter’s Cookbook: a practitioner’s guide to learning, expanding, and applying your analysis repertoire for threat hunting. In this kitchen, our main ingredient is data!

The Trump administration is making good on its commitment to position the United States as the global hub for digital assets—starting with regulatory clarity. The White House Working Group’s latest report offers the clearest articulation yet of where U.S. policymakers are headed, coming right on the heels of the passage of GENIUS. What’s most notable? This isn’t abstract guidance or high-level principle-setting.

It’s difficult for organizations to stay secure, compliant, and efficient in an ever-expanding SaaS landscape. Every time an employee joins or leaves the company, or a software vendor is added or removed, IT and security teams must grant and revoke permissions, so the right people have access to the right tools. A mistake in this process could allow an offboarded employee to maintain access to sensitive data years after they left the company, so the stakes are high.

Cyberattacks don’t just hit networks. They hit trust. And once that’s gone, the road to recovery can be long and full of questions: Who got in? What did they take? Are they still lurking somewhere inside? That’s where digital forensics comes in. Think of it as the detective work behind the screen, the careful process of combing through digital traces to figure out what happened, how, and who was behind it.

IoT is everywhere, quietly powering everything from smart thermostats in homes to complex systems in industrial networks. While these devices bring incredible convenience and innovation, they also open the door to significant cybersecurity risks, especially in manufacturing and similarly sensitive sectors. The longer devices stay online, the more likely they are to become vulnerable due to outdated software, misconfigurations, or a lack of ongoing security management.