With each organization facing over 30 critical or high-risk vulnerabilities per website/public-facing asset annually and 31% of these remaining open for over 180 days, the pressure to address vulnerabilities promptly is undeniable. Delays in patching not only increase the risk of breaches but also erode the trust of clients, vendors, and partners while compromising compliance efforts.

The Securities and Exchange Board of India (SEBI) has raised the bar on cybersecurity with its newly introduced Cybersecurity and Cyber Resilience Framework (CSCRF), effective August 20, 2024. For regulated entities (REs)—including stockbrokers, depositories, asset managers, and alternative investment funds—the framework not only requires compliance but also lays out a clear path toward resilience. These new guidelines require REs to implement VAPT and risk management, among other mandates.

A recent discovery by Zafran.io reveals critical vulnerabilities in web application firewalls (WAFs) from providers like Akamai and Cloudflare. Misconfigured origin validation allows attackers to bypass WAF protections and directly access backend servers, creating opportunities for data breaches, DDoS attacks, and more. While most WAF vendors offer IP whitelisting as a solution, implementing it presents significant challenges such as.

As we enter 2025, the cybersecurity statistics from 2024 and previous years reveal a critical landscape of evolving threats, from a surge in vulnerabilities to increasingly sophisticated cyber-attacks. This blog delves into the latest cybersecurity data, exploring trends like zero-day exploits, and unpatched vulnerabilities, to help you craft a proactive strategy for 2025 cybersecurity challenges.