Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Email is still the most common attack vector for cyber threats, according to a new report from Barracuda. The researchers found that one in four emails during February 2025 was either malicious or spam. HTML attachments were the most common file type used in phishing emails. “One of the most striking findings from the report is that 23% of HTML attachments are malicious, making them the most weaponized type of text file,” Barracuda says.

When necessary, you water it, monitor it, and weed out what doesn’t belong before it spreads. The same principle applies to cybersecurity. In today’s digital landscape, cyber threats evolve rapidly. From phishing and privilege escalation to rogue access and lateral movement, attacks often take root well before they’re discovered. That’s why detection and response are no longer optional ‒ essential for resilience.

Each year on World Password Day, most password managers will remind you that sticky notes are no place for storing passwords, to avoid using “password123,” or to stop repeating passwords across multiple accounts. That is all sound advice, but we’re in 2025. Passwords are still everywhere, but our relationship with them has evolved — or rather, devolved.

Passwords remain the most widely used and weakest authentication method in the enterprise. They’re still responsible for the majority of breaches, and IT teams spend an outsized amount of time simply managing them. It’s no wonder that security leaders are shifting toward passwordless authentication, a more secure and phishing-resistant approach that replaces traditional credentials with biometrics, passkeys, and FIDO2-compliant sign-ins.

The rapid adoption of AI coding assistants is transforming software development in ways both good and bad. Developers can produce more code faster than ever with AI, and 96% of developers report using AI coding assistants to streamline their work. AI code generation is becoming mainstream, and in late 2024, Google reported that AI writes more than 25% of its code. While GenAI tools increase productivity, they’re also creating more work for application security teams.

At BSidesSF 2025, speakers made clear: emotional intelligence and trust are no longer soft skills—they are mission-critical defenses.

At Sedara we’ve observed a recent rise in email bomb attacks. This security bulletin explains what an email bomb is and how attackers use it to launch more harmful attacks. It also outlines practical steps you can take to reduce your risk of becoming a target.

We're excited to announce that Tanium, a leader in Autonomous Endpoint Management (AEM), has formed a partnership with BlueVoyant, which offers the BlueVoyant Cyber Defense Platform, an industry-leading AI-driven cyber defense platform. Through this partnership, we are helping our mutual customers make the most of their investments in Microsoft Security tools.

In this Digital Era, mobile devices play a fundamental role in our daily lives. Recent studies reveal that the number of smartphone users worldwide has reached over 6.8 billion and is increasing day by day. These devices store most of the sensitive data, like personal and financial data Day by day, the threats of mobile phones increase, and significant growth has been observed where hackers target mobile users. So, in this, we are going to see the top mobile app security trends for 2025.

This blog was written in partnership with the Vouch team. ‍ Today, cyber threats are more pervasive than ever, with businesses facing increasing risks from data breaches, ransomware attacks, and regulatory fines. To mitigate these threats, many companies turn to cyber insurance for financial protection. ‍ However, securing and maintaining cyber insurance isn’t just about paying a premium.