Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyber Resilience Strategy: How to Build a Strong Framework

Your team is racing against the clock to meet an important deadline. Cybercriminals, however, wait behind the scenes for the right opportunity to attack. It takes a single, well-timed attack to completely disrupt your operations, exposing important data and ruining your brand. With global cybercrime damages projected to hit $10.5 trillion annually by 2025, you must prepare for the worst-case scenario. It’s not enough to just put up walls anymore.

Everything You Need to Know About Card-Not-Present Fraud

Credit and debit cards are vital for online purchases in today’s digital environments, but that doesn’t mean they’re safe from misuse. In 2024, an estimated $10.6 billion was lost due to card-not-present fraud, which accounts for some of the most prevalent scams globally. Card-not-present fraud, or ‘CNP’ fraud, negatively impacts consumers and businesses, causing financial losses and reputational damages.

Detecting and Mitigating the "tj-actions/changed-files" Supply Chain Attack (CVE-2025-30066)

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online: CVE-2025-24813 PoC by iSee857.

Beyond Checkboxes: The Essential Need for Robust API Compliance

APIs serve as essential links in today’s digital infrastructure, enabling data sharing and application integration. However, their widespread use has made them prime targets for attackers. Hence, strict compliance with security regulations is not just optional; it is imperative for business success. The increasing frequency of data breaches and the sophistication of cyber threats highlight the pressing need for strong API security.

Eliminate Security Complexity on Pi Day | WatchGuard Technologies

Cyber threats don’t stop, just like Pi (π). That doesn’t mean your security should be stuck in an endless loop of updates, patching, and stress. WatchGuard delivers real security - tailored to you, eliminating complexity, and keeping you ahead of threats. This Pi Day (3.14), let’s celebrate security that works.

Security Week teaser and Lisbon's waves of entropy

We’re back with new episodes in 2025, kicking off this week with a Security Week teaser. Host João Tomé is joined by Michael Tremante, Sr. Director of Product Management, to discuss what to expect from our first innovation week of the year, starting next week. They also explore the security landscape in 2025 and the importance of simplicity.

NIST SP 800-171 Rev 2 vs Rev 3: What's The Difference?

Government cybersecurity and information security frameworks are a constant work in progress. Many different frameworks draw their requirements from the National Institute of Standards and Technology, and one of the most important documents for cybersecurity is NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.