Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

After decades of innovation in personal technology, ranging from watches that track personal fitness, mini super-computers that we call phones, and a whole host of other gadgets and self-help technologies, our companies still rely on one technology that started over 45 years ago – the laptop. Fun fact: the first one, called the Osborne 1, weighed 24 pounds! The modern laptop has a better screen, longer battery life, and weighs significantly less, but at its core is still a hard drive.

Microsoft warns that a new criminal threat actor dubbed “Storm-2755” is launching payroll-pirate attacks against Canadian users. These attacks use social engineering to compromise employee accounts and divert salary payments to attacker-controlled bank accounts.

Over the past two and a bit quarters, we've undertaken an intensive engineering effort, internally code-named "Code Orange: Fail Small", focused on making Cloudflare's infrastructure more resilient, secure, and reliable for every customer. Earlier this month, the Cloudflare team finished this work.

On April 29, 2026, details about the ‘Copy Fail’ vulnerability (CVE-2026-31431) were publicly disclosed. This high-severity (CVSS score of 7.8) privilege escalation vulnerability impacts Linux distributions shipped since 2017. It allows an unprivileged local user to obtain root-level access on affected Linux systems by corrupting the kernel’s in-memory page cache of a privileged binary.

The NIS2 Directive has officially shifted from being a conversation for the future to an operational reality across Europe. Regulators are now activating mandatory registries, launching process supervision, and most importantly, laying the groundwork for enforcement actions against non-compliant organizations. For many companies, this is the period of highest risk. What was previously perceived as a complex or distant requirement now has a direct impact on the business.

Phishing reports and customer complaints are not early warning signals. By the time they arrive, attackers have already built the infrastructure. Lookalike domains are live, credential harvesting pages are indexed, and the exposure window is open. To stop digital impersonation attacks, organizations need to shift detection to the infrastructure preparation stage, before distribution begins.

Whether you’re juggling travel bookings with friends or packing the kids’ suitcases, planning a summer vacation can be far from relaxing. And once you get to your destination, the confirmation codes and passport numbers are always buried in the group chat when you need them most. But when you have all your travel essentials saved securely in one place, you can skip the scramble and put safe travels on autopilot.