Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Stop Gambling on Compliance: Why Near-100% Recall Is the Only Standard for AI Data

LLMs, agents and retrieval‑augmented models are increasingly being adopted for product analytics, customer support and decision‑making workflows. With that scale comes exposure: AI privacy and security incidents involving customer PII are more common than ever and becoming a compliance issue. Let’s look at the statistics: These underscore the importance of robust guardrails and why relying on privacy tools with mediocre recall is a gamble.

New Criminal Toolkit Abuses Browser Push Notifications

A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog. “This browser-native, fileless framework leverages push notifications, fake alerts, and link redirects to target victims across operating systems,” the researchers write.

KnowBe4 Is a Leader In the Gartner Magic Quadrant for Email Security For the Second Consecutive Year

Following its launch in 2024, Gartner has now published the second Magic Quadrant for Email Security —and KnowBe4 is delighted to once again be named a Leader! Email security is critical for all organizations globally. Fueled by factors such as GenAI and crime-as-a-service toolkits, the phishing threat landscape continues to become more sophisticated at an alarming pace.

Security Advisory: Critical RCE Vulnerabilities in React Server Components & Next.js (CVE-2025-55182 / CVE-2025-66478)

On December 3, 2025, coordinated disclosures revealed that multiple releases of React 19 and Next.js contain a critical flaw in the React Server Components (RSC) “Flight” protocol, allowing unauthenticated remote code execution (RCE). The vulnerability originates from unsafe deserialization of attacker-controlled data in server-side RSC payload handling.

Cloudflare's 2025 Q3 DDoS threat report -- including Aisuru, the apex of botnets

Welcome to the 23rd edition of Cloudflare’s Quarterly DDoS Threat Report. This report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the third quarter of 2025.

Cloudflare WAF proactively protects against React vulnerability

Cloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free and paid plans, as long as their React application traffic is proxied through the Cloudflare Web Application Firewall (WAF). Cloudflare Workers are inherently immune to this exploit. React-based applications and frameworks deployed on Workers are not affected by this vulnerability.

Attackers Don't Need to Breach Your API - They'll Breach the Tools That Touch It

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact.

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.