Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The proliferation of AI has rapidly introduced many new software technologies, each with its own potential misconfigurations that can compromise information security. Thus the mission of UpGuard Research: discover the vectors particular to a new technology and measure its cyber risk. This investigation looks at llama.cpp, an open-source framework for using large language models (LLMs).

On April 4, 2025, The Australian Financial Review reported on a set of credential abuse attacks targeting multiple Austrian superannuation funds. These attacks were not breaches of the infrastructure of those companies, but compromises of individual customer accounts via stolen credentials. How were those customer credentials stolen?

Staying ahead of the game is a top concern for security teams as the cyber threat landscape continues to evolve rapidly. Every year seems to bring new technological advances, which also introduce new cybersecurity trends and significant risks. As organizations face these challenges, it’s essential to build proactive defenses, not reactive responses. The next big cyber threat is already here—ready or not.

All security professionals know third-party risk management doesn’t stop after one risk assessment. What about the next vendor? Or the future risks the vendors you’ve already evaluated will inevitably endure? While completing even a single risk assessment can feel like an arduous journey when done manually, all successful TPRM programs continue long after assessment.

It’s no secret that human error still plays a significant role in data breaches - despite ongoing security and awareness training. But how do we finally disrupt this trend? The answer lies in a new approach to human risk management.

If you’re a security analyst, you know the work never stops. Even after your team completes an extensive vendor risk assessment and remediation, you still need to write a report to share your findings with key stakeholders. And this work isn’t a walk in the park by any means. Writing a risk assessment report often requires hours (or even days) of summarizing information, repopulating graphs, and balancing technical details with clarity to cater to technical and non-technical stakeholders.

Organizations today move fast, but slow vendor approvals can grind everything to a halt. As companies increasingly rely on third-party vendors, slow vendor approvals create a serious security bottleneck. This slowdown costs organizations valuable time and resources—and leaves them open to security risks. It’s important to cohesively review and approve vendors to manage third-party risk, but organizations should be aware of just how long those approvals take.

Researchers have discovered a critical security vulnerability in Next.js that allows attackers to easily bypass middleware authorization measures. The vulnerability, designated CVE-2025-29927, was discovered by Rachid Allam and Yasser Allam and since assigned a base CVSS score of 9.1. By skipping checks for authorization cookies, attackers can potentially gain access to restricted areas of applications like admin tools and dashboards.

Managing the vendor remediation process is no small feat. While on the surface, it might seem like the bulk of the heavy lifting is done once you complete your initial assessment, you (and every other security team on the planet) know this couldn’t be further from the truth. After all, if your team doesn’t constantly track remediation efforts and validate corrective actions, how else are you supposed to ensure vendors effectively mitigate the risks you identified?

Staying on top of corporate security trends may seem like a hassle, but it actually has great benefits for your organization. Understanding security trends helps businesses benchmark their performance—including within their specific industry—and strengthen their security posture to align with the best performers.