Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Iberia Airlines data breach: What customers need to know
Spain's flag carrier Iberia Airlines disclosed a significant data security incident in November 2025 that should put all customers on high alert. The breach, which occurred through a compromised third-party supplier, has exposed personal information and created new risks for travelers who have flown with the airline.
16 Days of Activism: UK Strengthens Protections Against Online Gender-Based Harms
This week marks the start of the 16 Days of Activism Against Gender Based Violence, a global campaign from 25th November to 10th December that calls for action to end all forms of violence against women and girls. For us, as a charity supporting people harmed through technology, this period is an important reminder that digital abuse is now one of the most common and damaging ways gender based violence is carried out.
Take That, And Rewind It Back: Rubrik Agent Rewind
Take that! And rewind it back! We built Rubrik Agent Rewind to help enterprises unleash AI without risk by providing visibility, control, and recovery capabilities for AI agents.
Weekly Cyber Security News 27/11/2025
Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A bit of a nasty one eh?
Is your phone number safe? The story of how WhatsApp nearly leaked it
Vulnerability in WhatsApp revealed billions of active accounts. Avast explains, why it’s important to keep your phone number private. When we think about protecting our personal data, we often think of our home address, passwords, or banking credentials. But a recent discovery of vulnerability in WhatsApp shows that our phone numbers deserve the same caution. For many of us, WhatsApp is the go-to app for quick communication. It's where we plan family dinners, send memes, and catch up with friends.
From reactive to resilient: Transforming infrastructure management with intelligent workflows
Infrastructure has always been the backbone of IT Operations, but its scope has expanded dramatically. Gone are the days when infrastructure meant only racks of on-premise servers and storage arrays. For many businesses, today's reality is a sprawling, interconnected landscape encompassing multi-cloud environments, modern software-as-a-service (SaaS) platforms, traditional data centers, and emerging edge workloads.
Gradual by Design: What the Cloudflare Outage Reveals About Robust SASE Architecture and Operations
On November 18, 2025, a single configuration file change at Cloudflare disrupted access to large parts of the web. Around 11:20 UTC, Cloudflare’s network began returning a surge of HTTP 5xx errors. Users trying to reach services like X (formerly Twitter), ChatGPT/OpenAI, Ikea, Canva, and many others suddenly saw Cloudflare-branded error pages instead of the applications they expected. Cloudflare mitigated the issue, restored service, and published a detailed public report.
Shai-Hulud 2.0 Exposes Over 33,000 Unique Secrets [Updated Nov, 27]
On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.
Hackers Skipped the Payment Step: BLA 4 is Pure Logic Evasion #transitionvalidation #businesslogic
Missing Transition Validation (BLA 4) is a subtle but devastating threat. It exploits the sequence of steps in your application's workflow. The flaw? Your application fails to check that Step 2 (Payment) occurred before allowing access to Step 3 (Confirmation). The attacker simply draws a line straight to the goal! This attack is: Difficult to Detect: It uses valid requests in an invalid sequence. Tightly Coupled: It's unique to your application's specific logic. You need deep, sequence-aware runtime protection.