Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-53521 is an unauthenticated remote code execution vulnerability in F5's BIG-IP Access Policy Manager (APM). The flaw exists in the apmd process, the daemon responsible for processing live access policy traffic, and is triggered when a BIG-IP APM access policy is configured on a virtual server and the system receives specific malicious traffic. No credentials are required to exploit it. The vulnerability carries a CVSS score of 9.8 and a CVSS score of 9.3.

You would never jump out of an airplane with only a single parachute. If that main canopy fails, you need a reserve ready to deploy immediately. Yet, countless organizations operate their IT infrastructure every day without a reliable safety net for their most critical asset. They plunge into the digital landscape assuming their primary data storage will never fail. March 31 is World Backup Day, which serves as a crucial reminder to pack your digital parachute.

Ransomware attacks are on the rise. Their quiet nature is one of the main reasons why many organizations are unable to detect them. Ransomware attacks begin with something small, maybe a login at an unusual hour or a script running where it normally should not. There could be many more instances, which may not appear suspicious at first. By the time encryption begins, attackers have already moved deep into the environment.

Anthropic’s new Claude Code Auto Mode Auto Mode is generating well-deserved attention. It introduces a classifier that sits between the developer and every tool call, reviewing each action for potentially destructive behavior before it executes. It’s a real improvement over the only previous alternative to manual approval: the –dangerously-skip-permissions flag. But the announcement is also useful for a broader reason.

Researchers at Malwarebytes warn that cybercriminals are peddling stolen tax documents for as low as $4 per identity, with freshly stolen forms selling for $20 each. These documents allow threat actors to conduct refund fraud, using stolen personal information to claim victims’ tax refunds.

Researchers at SpyCloud warn that the number of stolen identity records on criminal forums rose to 65.7 billion in 2025, a 23% increase from the previous year. “Phishing, malware, third-party breaches, and combo lists feed vast volumes of identity data into the industrialized criminal ecosystem,” the researchers write. “The risk extends beyond compromise – it fuels costly attacks at scale.

The adoption of personal AI assistants is on the rise. everywhere. Developers, power users, and in a few cases, entire teams self-host them to connect messaging apps, automate tasks, and interact with AI models across their infrastructure. But when these self-hosted gateways become compromised, the blast radius can extend far beyond a single user’s chat history.

Your SOC gets a Defender for Cloud alert: “Suspicious API call from AI workload pod.” You click through and find a LIST secrets call against the Kubernetes API server from a pod running your invoice-processing agent on AKS. The pod’s Workload Identity has Contributor access to your key vault. By the time your analyst opens the AKS Security Dashboard, the pod has been rescheduled.

You’ve enabled GuardDuty EKS Runtime Monitoring across your clusters. You’ve configured IRSA for your Bedrock-calling agents. CloudTrail is logging every bedrock:InvokeModel event. And last Tuesday, one of your AI agents exfiltrated 12,000 customer records through a sequence of API calls that every one of those tools recorded as completely normal—because at the control plane level, they were.

Artificial intelligence is moving rapidly from experimentation into everyday use across financial services. From client servicing and research to operations and risk analysis, AI is increasingly embedded in core workflows. This shift is widely recognised within the industry. Recent research indicates that 67% of financial services organisations report rapid AI adoption, with 93% ranking AI as a top security priority heading into 2026. At the same time, governance structures are being established.