Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Software supply chain attacks cost businesses $45.8 billion globally in 2023 alone, and is projected to exceed $80.6 billion by 2026. According to Gartner’s projection, 45% of organizations will experience software supply chain attacks this year. These emphasize the importance of software supply chain security and the need for every organisation to prioritize it.

Read also: Five Smokeloader botnet customers arrested, servers seized, alleged "Scattered Spider" member pleads guilty, and more.

On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps streamline the process by integrating many of these recommendations into a single, cloud-native solution.

A newly disclosed vulnerability in Ivanti Connect Secure (ICS) VPN appliances has been weaponized in the wild by a Chinese nation-state threat actor, UNC5221. Tracked as CVE-2025-22457, this critical stack-based buffer overflow vulnerability allows unauthenticated remote attackers to execute arbitrary code, posing a significant risk to enterprise networks.

With an information era in which information equals money and threats change daily, Artificial Intelligence (AI) has become a frontline watchman of the world against cyberattacks. From credential stuffing discovery to darknet monitoring capabilities, AI is empowering security teams with the capability to predict, identify, and defeat threats quicker than ever before. But while AI tools redefine defense systems, they also introduce new challenges of transparency, compliance, and ethical governance.

Mobile banking has quickly become a way of life — whether you're transferring cash on the go, checking your balance from your wristwatch, or paying dinner bills with a QR code. But with convenience, there is risk. Cybercrooks are tuning in, testing, and coming up with more ways to get in. From synthetic identities to fake apps, the threats are imminent and continuous.

You’ve heard it a hundred times – security is everyone’s responsibility. But when security starts slowing things down, it’s usually engineering teams that feel the pain. Nobody wants to be the one responsible for shipping vulnerabilities into production, but at the same time, nobody wants security to be the reason releases grind to a halt. This is the dilemma DevSecOps was supposed to solve – bringing security into the development process without breaking everything.