Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AppsFlyer’s JavaScript SDK has been compromised in an active supply chain attack. Websites loading the script are serving malicious code to their users without any changes to their own codebase.

Cybercriminals don’t rest. Neither should your defenses. As digital threats grow more advanced and persistent, organizations face a harsh reality: traditional security controls alone are no longer enough.

The number of ransomware attacks increased by 50% in 2025, even though the number of victims who decided to pay the ransom fell to an all-time low, according to a new report from Chainalysis. The size of the ransom for victims who did pay increased significantly, growing 368% year-over-year to nearly $60,000. The total ransom payments observed by Chainalysis last year amounted to $820 million.

Security leaders are under pressure to reduce risk faster while proving value to the board and controlling costs as environments expand across cloud, identity, and SaaS. Traditional SIEM pricing models were not built for this reality. They charge equally for every gigabyte of data and often introduce unpredictable AI consumption costs, forcing security teams to manage budgets instead of focusing on risk.

As organizations increasingly rely on Microsoft Teams for internal and external collaboration, the platform’s chat and file-sharing capabilities have become central to daily operations. However, speed and flexibility come with risk. User-managed collaboration tools can create challenges in maintaining control over data access and enforcing compliance with organizational sharing and usage policies.

Two new features this week, both pushing in the same direction: make certificate lifetimes someone else’s problem.

SCA tools often generate multiple CVEs for the same dependency, creating unnecessary tickets and slowing remediation. Aggregating those findings into a single fix helps AppSec teams reduce ticket sprawl and align security work with how developers actually resolve vulnerabilities.

Cloudflare’s AI Security for Apps detects and mitigates threats to AI-powered applications. Today, we're announcing that it is generally available. We’re shipping with new capabilities like detection for custom topics, and we're making AI endpoint discovery free for every Cloudflare customer—including those on Free, Pro, and Business plans—to give everyone visibility into where AI is deployed across their Internet-facing apps.

Storyboard sections are here! Have you ever built a Tines story and thought, “How am I going to explain this so that anyone can understand it right away?” We are excited to introduce the following ways to instantly bring visual clarity to your workflows.

SaaS uptime doesn’t guarantee you can recover fast or restore the collaboration context you need. The Shared Responsibility model/Limited Liability model gap shows up as money lost through rework, downtime, compliance drag, and trust friction. It’s usually driven by short retention, missing metadata after exports or migrations, untested restores and recovery copies that are not separated from production admins.