Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Why Principle of Least Privilege Matters More Than Ever in a World of Backdoored Large Language Models (LLMs)

The concept of “principle of least privilege” has been around for a long time. In fact, it is older than me; there are papers from the 70s that discuss it: “Every program and every user of the system should operate using the least set of privileges necessary to complete the job.” (The protection of information in computer systems, Saltzer and Schroeder, 1974).

Ultimate Guide: Leveraging Intelligence to Prevent Card Fraud

Card fraud is evolving—fast. With unauthorised payment card fraud surpassing £275 million in the first half of 2024, businesses face increasing financial and reputational risks. Fraudsters steal physical cards, breach databases, and exploit digital channels, making fraud a low-risk, high-reward crime. The consequences? Lost revenue, customer trust, and compliance fines, with the average UK data breach now costing £3.5 million.

How we standardized error handling at Vanta

‍ I love working in monolithic repositories. It fosters collaboration, code reuse, and knowledge sharing—some of my favorite aspects of engineering culture here. ‍ However, without guardrails, complexity can grow unchecked, making it harder to reason about the system as a whole. In early 2024, it was clear that our error handling strategies had fallen victim to this, and it was impacting the quality of our product.

Cross-Border Data Compliance: Navigating Public Security Regulations in a Connected World

It is a significant benefit that the world is connected the way it is, with the potential for even greater interconnectivity. However, this has come at huge costs, too, considering the rise in the direct involvement of state actors engaged in cyber warfare. Against this background, nations have a more acute awareness of digital vulnerabilities, which has radiated into regulatory frameworks concerning cross-border data compliance.

Security Week 2025: in review

Thank you for following along with another Security Week at Cloudflare. We’re extremely proud of the work our team does to make the Internet safer and to help meet the challenge of emerging threats. As our CISO Grant Bourzikas outlined in his kickoff post this week, security teams are facing a landscape of rapidly increasing complexity introduced by vendor sprawl, an “AI Boom”, and an ever-growing surface area to protect.

CVE-2025-29927 - Authorization Bypass Vulnerability in Next.js: All You Need to Know

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases – exploitation of the vulnerability can also lead to cache poisoning and denial of service.

Credit Card Cloning: What Is It , How It Works, and How to Protect Yourself

Discover a charge on your credit card that you don’t recognize. It could be from a card cloning event. Card cloning predominantly affects credit cards, but this phenomenon may also impact some payment platform cards (like those from PayPal or Zelle). In short, card cloning occurs when the card’s magnetic strip or chip is used in unauthorized transactions. Credit card cloning is a form of fraud, but it differs from others in its more nuanced elements.

CrowdStrike Falcon Exposure Management Expands Security to Unmanaged Network Assets with Network Vulnerability Assessment

As organizations strengthen endpoint and cloud security, attackers are shifting their focus to often-overlooked network infrastructure like routers, switches, and firewalls. Legacy vulnerability management (VM) solutions struggle to keep pace, relying on slow, periodic scans that fail to provide real-time visibility into emerging threats.

The Future of Agentic AI

Last April, Microsoft Security Copilot taxied down the runway and took flight to help passengers onboard to reach new destinations in cyber defense. BlueVoyant, as a Microsoft Security Copilot pre-launch design advisory council member, was a trusty flight attendant that helped Security Copilot safely take off. Today, as Security Copilot has reached its cruising altitude, Microsoft announced Security Copilot agents that help its passengers to further optimize Microsoft Security tools usage.