Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters.

OPKSSH makes it easy to SSH with single sign-on technologies like OpenID Connect, thereby removing the need to manually manage and configure SSH keys. It does this without adding a trusted party other than your identity provider (IdP). We are excited to announce OPKSSH (OpenPubkey SSH) has been open-sourced under the umbrella of the OpenPubkey project.

Protecting individual privacy is paramount, given the proliferation of Personally Identifiable Information (PII) and other sensitive data collected by enterprises across all industries. One way to protect sensitive data is through PII masking e.g., consistently changing names or including only the last four digits of a credit card or Social Security Number.

The Monetary Authority of Singapore (MAS) is both the central bank and chief financial regulator of Singapore. As such, they publish best practices (“Guidelines”) and legally binding regulations (“Notices”) regarding technology risk management and cyber hygiene.

Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of late March 2025, Cyjax has identified DLSs for 19 new groups this year, as noted in recent blogs on extortion groups Morpheus, GD LockerSec, Babuk2, Linkc, and Anubis.

The global threat intelligence market size was valued at USD 5.80 billion in 2024. The market is projected to grow from USD 6.87 billion in 2025 to USD 24.05 billion by 2032, exhibiting a CAGR of 19.6% during the forecast period. This tremendous growth translates into an increase in both the supply and demand for skilled professionals in threat intelligence.

AI is reshaping industries, but security teams treat it like traditional software. Unfortunately, the real problem is AI models don’t just have bugs—they have systemic vulnerabilities. Adversarial manipulation, data poisoning, and model inversion aren’t edge cases; they’re real threats attackers are already exploiting. Yet, most security programs lack a structured approach to testing AI risks. Conventional pentesting isn’t enough.

The industry treats API security like a checklist—patch a few issues, enforce some rules, and move on. But these risks aren’t isolated flaws; they’re symptoms of a deeper failure in how APIs are designed and secured. Built for speed and interoperability, APIs often expose more than intended, making security an afterthought.