Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A lot moved in May. ThreatSpike product updates this month spanned almost every corner of the platform, and a good few the community has been asking for. From port scanning in automated recon, to PDF imports into the Knowledge Base – the list covers a lot of ground. Below is everything that shipped, what it does, and what’s been fixed.

Security Insights provides actionable security recommendations for every Cloudflare account. To find these insights, we perform regular scans for all accounts, zones, and DNS records, looking for potential security risks and misconfigurations. However, two key issues emerged. First, our scans were too infrequent. Scans were only being performed every week or two, and therefore newly introduced security risks could remain undetected for up to two weeks.

Security teams have spent years securing human logins, service accounts, and machine identities. Agentic AI introduces a more autonomous class of software actor: systems that can plan, call tools, delegate tasks, and act across environments. This is a concern because most access models were built around static roles and pre-approved permissions. Multi-agent systems put a new spin on those assumptions.

From a fast-growing ransomware affiliate network to a politically motivated DDoS collective and a prolific data extortion group, these three threat actors represent distinct but pressing risks across sectors and regions. CYJAX breaks down what each group does, why they matter, and what security teams should know.

A manufacturer's most valuable assets rarely sit in a vault. They live in CAD files, chemical formulations, process parameters, supplier contracts, and tooling specifications that move every day between engineers, plants, partners, and contractors. That movement is what makes the business run, and it is also what makes trade secrets easy to lose. A departing engineer copies a design folder. A contractor forwards a spec sheet to a personal account.

Ransomware is a type of malware that blocks access to a victim’s system or network. Once the attack runs, it can encrypt selected files, lock systems, or disrupt access to business operations. Then, they demand a ransom in exchange for restoring access or providing a decryption key. In many cases, ransomware encrypts files so the victim cannot use them. Some ransomware can also lock systems or disrupt access to business operations.

AI adoption in the DevOps field has been extensive. Developers use agents daily to broaden context, automate coding, prototype, etc., saving time and minimizing the footprint of mundane tasks. But it’s not all about gains. Agentic AI enables and introduces security threats that were unknown just a few years ago. With machine speed and scale, these can impact your corporate repos in a number of highly dangerous ways. The trend is on the rise, including at the level of popular DevOps platforms.

Imagine you give an AI agent permission to triage support tickets. A few weeks later, it’s accessing a system no one intended it to reach, putting the data within at risk of exposure or misuse. Nothing dramatic happens at the moment. That’s what makes the risk tricky. AI agents don’t wait for approval the way traditional systems do, and they move faster than the controls you’ve set around them.

Email is one of the primary ways people share information, connect with customers and get work done. It is also one of the easiest channels for risk to slip in. A mistyped address, an exposed attachment, a missed opt-out, or a rushed response to a phishing message can all lead to serious problems. That is why email compliance matters. It helps define how your organization handles email, what is allowed and how to report on activity when something goes wrong.

AI-generated fraud schemes are now the dominant type of fraud, according to a new report from AU10TIX. AI-assisted forgeries overtook physical manipulation for the first time, as these tools allow attackers to fool humans and technology with very little manual effort.