Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SAP disclosed a critical RCE vulnerability(CVE-2025-31324) on April 24, 2025, impacting the Visual Composer Framework in NetWeaver Application Server Java, version 7.50. This flaw poses a serious risk to enterprises relying on SAP NetWeaver for their mission-critical operations. Unauthenticated attackers can exploit this vulnerability to upload and run arbitrary files on SAP servers, potentially resulting in complete system compromise.

Are you relying on free WAFs to keep your business safe? While they might seem like an easy, budget-friendly option, can they really protect you from sophisticated cyber threats like SQL injections, XSS, and bot attacks? Or are you missing critical layers of defense as your business scales? In this guide, we’ll answer these questions and more, comparing free and paid WAFs to help you understand the risks, features, and real-world implications of each.

The Apache Software Foundation has disclosed a high-severity vulnerability in Apache Tomcat that could let attackers exploit improperly handled Priority headers in HTTP/2 to cause a denial of service (DoS). Tracked as CVE-2025-31650, this flaw stems from improper input validation, specifically when the server handles malformed Priority headers in HTTP/2, resulting in memory leaks and potential OutOfMemoryExceptions.

In the race to deliver software faster and more frequently, Continuous Integration and Continuous Deployment (CI/CD) pipelines have become the backbone of modern DevOps workflows. But with this speed comes a critical trade-off — security. Integrating security checks into your CI/CD pipeline is no longer optional; it’s a necessity. This is where CI/CD security scanning steps in.

The 2025 edition of Verizon’s Data Breach Investigations Report (DBIR) shows a new reality: about one in five confirmed breaches now starts with exploitation of a software vulnerability, a 34 percent jump over the previous year and the first time the vector has surpassed phishing.