Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

You’ve launched your protocol—or you’re close. Engineers are building. TVL is starting to grow. But behind the scenes, your treasury operations are still stuck in browser wallets, spreadsheets, and Slack messages. That’s not just inefficient. It’s a liability. Strong treasury infrastructure isn’t a nice-to-have. It’s a growth enabler. Without it, your finance, ops, and engineering teams spend time plugging gaps instead of shipping products or scaling adoption.

The release of our State of Stablecoins report coincided with my time in Toronto for Consensus 2025, and I could not have asked for better timing. Stablecoins were everywhere: on-stage, in hallway conversations, across the expo floor. This wasn’t just crypto-native energy. It was banks, fintechs, regulators, and payment providers all coming to the same conclusion: stablecoins are no longer theory. They’re infrastructure.

In our recent webinar, Is the Future of the SOC Autonomous?, guest speaker Allie Mellen, Principal Analyst at Forrester Research, joined Tines CEO Eoin Hinchy to explore the future of SOC automation.

We’re excited to announce that ARMO now fully supports Google Kubernetes Engine (GKE) Autopilot clusters! This update comes in response to strong demand from our user community and enterprise customers, many of whom are embracing Autopilot for its simplicity and operational efficiency — while still requiring deep, real-time security observability and enforcement. Get your Kubernetes Security Checklist now.

API latency is often an unnoticed threat in the vast digital landscape, quietly wreaking havoc on system performance, user experience, and—perhaps most critically—security. For security leaders, understanding and mitigating API latency should be more than a performance enhancement goal; it’s a foundational part of any robust cybersecurity strategy.

In today’s highly interconnected digital ecosystem, external APIs have become indispensable for organizations looking to enhance their capabilities and remain competitive. These interfaces allow businesses to seamlessly integrate third-party services, data, and functionalities into their applications, unlocking many possibilities. However, while external APIs offer immense opportunities, they also come with significant challenges, especially regarding security, governance, and risk management.

Expert-driven threat hunting designed to uncover hidden adversaries, strengthen defenses, and streamline security responses–enhancing your Tanium investment.

Grafana—the cloud-native observability dashboard almost every DevOps team relies on—rushed out Grafana 12.0.0-security-01 yesterday to squash CVE-2025-4123, a high-severity open-redirect and stored cross-site scripting (XSS) vulnerability. When chained with the popular Grafana Image Renderer plugin the bug escalates to a full-read server-side request forgery (SSRF), exposing cloud-metadata services and internal APIs.

On April 11, 2025 09:20 UTC, Cloudflare was notified via its Bug Bounty Program of a request smuggling vulnerability (CVE-2025-4366) in the Pingora OSS framework discovered by a security researcher experimenting to find exploits using Cloudflare’s Content Delivery Network (CDN) free tier which serves some cached assets via Pingora.

On May 21, 2025, the FBI and CISA released a joint Cybersecurity Advisory (CSA), designated AA25-141B, warning about the rise in attacks leveraging LummaC2, attributed to a threat group referred to internally as Sticky Werewolf, this cyber espionage campaign has used LummaC2 malware since at least April 2023 to target Russian and Belarusian government agencies, science centers, and aviation manufacturers.