Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups.

On 5 May, 16:00 GMT+0, our automated malware analysis pipeline detected a suspicious package released, rand-user-agent@1.0.110. It detected unusual code in the package, and it wasn’t wrong. It detected signs of a supply chain attack against this legitimate package, which has about ~45.000 weekly downloads.

‍Cyber risks have steadily grown more disastrous over the years, with a single event having the power to cause billions of dollars worth of damage. As business leaders watch the monetary losses pile up, whether facing them firsthand or witnessing industry peers absorb the blow, they have begun to realize that they can no longer conceive of cybersecurity as a technical duty managed solely under the chief information security officer’s (CISO’s) purview.

As the attack surface expands and organizations face pressure from evolving regulatory requirements, it becomes increasingly difficult to align compliance management with overall risk strategy. As a result, many organizations are managing compliance and risk separately, leading to redundancies, inefficiencies, and critical gaps that are overlooked or improperly managed.

The mechanisms and dangers of email phishing are well known, as are the best practices for hardening organizations against it. Its spin-off, called vishing, is nothing new, but it’s both rapidly evolving, and unlike the more mainstream counterpart, too often overlooked by security professionals. According to the CrowdStrike 2025 Global Threat Report, these offbeat attacks saw a 442% increase in the second half of 2024 compared to the first half of the year.

The cyber workforce gap is one of the most pressing and persistent challenges facing the cybersecurity industry. In 2024, ISC2 found that the gap amounted to 4.8 million people globally, up 19% from the previous year. Both public and private sector organizations – including the UK’s NCSC and the SANS Institute – have introduced countless initiatives in an attempt to close the cyber workforce gap, but it keeps growing. Perhaps the US PIVOTT Act will work better?

For banks, the question is no longer if they should act, but how fast they must adapt. Over the last two decades we’ve seen a meteoric rise of fintechs, starting as small startups focused on user acquisition and hypergrowth. Today, these same firms are maturing into sustainable, profit-generating businesses proving they’re here to stay; they are fundamentally reshaping the financial services industry.

We’re proud to share that WatchGuard Technologies has been named the Best Authentication Technology winner at the 2025 SC Awards! This recognition celebrates the innovation behind AuthPoint, our multi-factor authentication (MFA) solution that brings enterprise-grade identity protection to organizations of all sizes, especially those relying on lean IT teams or managed service providers (MSPs).

SOC 2 certification is an audit framework developed by the AICPA that evaluates an organization’s ability to design and operate effective controls related to security, availability, processing integrity, confidentiality, and privacy. It’s a critical assurance tool for service providers managing customer data in the cloud, demonstrating a commitment to robust internal controls and regulatory compliance.