Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

As cyber threats continue to exploit systemic vulnerabilities in widely used technologies, the United States Cybersecurity and Infrastructure Agency (CISA) produced best practices for the technology industry with their Secure-by-Design pledge. Cloudflare proudly signed this pledge on May 8, 2024, reinforcing our commitment to creating resilient systems where security is not just a feature, but a foundational principle.

Ransomware attacks are one of the most significant and rapidly growing cyber threats facing businesses and individuals alike. Ransomware is a type of malicious software designed to encrypt files on a victim’s system, rendering them inaccessible. The attackers then demand a ransom, usually in cryptocurrency, in exchange for the decryption key needed to restore the data. Failure to comply with the demands can result in permanent data loss or public exposure of sensitive information.

Chief Information Security Officers (CISOs) are at the forefront of the AI transformation, tasked with protecting their organisations from an evolving landscape of risks and vulnerabilities. Understanding how AI integrates into security frameworks is crucial for them to stay ahead of malicious actors. This article delves into the AI revolution's implications for cyber security, highlighting the challenges, concerns, and the evolving roles for CISOs navigating this new terrain.

Organisations face significant challenges in maintaining visibility over their expanding technology footprint. Attack surface management addresses the need to understand what technology assets exist, where they’re located, how vulnerable they are and how supply chains might impact security posture.

Protecting a large enterprise is like playing goalkeeper in a soccer match. A CISO’s job is to keep the net clean while multiple attackers close in from various angles, aiming to score. No matter how many shots the goalie blocks, a single goal can win the game for the opposition.

Not surprisingly, with the new US administration bringing in new policies to support digital asset regulations, US banks have been asking Fireblocks what opportunities this creates for them. In a recent webinar with American Banker, we polled US banks to get insights into how they are incorporating digital assets into their strategies. Here’s what we found.

Let’s think about a scenario where an IT operations team needs to track cost anomalies but does not require access to budget configurations or administrative settings. They have to go through the ticketing process to get sufficient access. Managing access to cost data and ensuring the right stakeholders have the appropriate permissions becomes a challenge.

Ask any CTO if they pentest their web apps, APIs, or cloud infrastructure; the answer is almost always yes. But ask if they’ve ever pentested their Salesforce environment, and you’ll likely get a silent—or hesitant- “Doesn’t Salesforce security cover that?” Here’s the problem: Salesforce is not just a CRM. It’s an application stack, a data warehouse, and a workflow engine—all deeply integrated with your business operations.

Starting February 2025, Netskope Threat Labs has tracked and reported on multiple phishing and malware campaigns targeting victims searching for PDF documents on search engines. Once they open the PDFs, the attackers employ various techniques to direct these victims to malicious websites or trick them into downloading malware.

Discover how BSidesSD 2025 challenged traditional GRC, spotlighted data poisoning, and promoted human-driven security insights. Read our highlights from this community event.