Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

We see the same pattern across healthcare clients. The servers are locked down, databases encrypted, and GRC documentation is in order. Then we check the browser layer and find a Google Analytics pixel quietly sending appointment URLs and other PHI to third-party servers without a BAA.

On April 10th, 2025 12:10 UTC, a security researcher notified Cloudflare of two vulnerabilities (CVE-2025-4820 and CVE-2025-4821) related to QUIC packet acknowledgement (ACK) handling, through our Public Bug Bounty program. These were DDoS vulnerabilities in the quiche library, and Cloudflare services that use it. quiche is Cloudflare's open-source implementation of QUIC protocol, which is the transport protocol behind HTTP/3.

Security leaders often face challenges that extend beyond the firewall: a major gap in communication between the security function and executive leadership. This misalignment can have severe consequences, including stalling deals, increasing organizational risk, and preventing security from being recognized as a key driver of business growth.

LevelBlue was recognized as a Major Player in the IDC MarketScape: Worldwide Extended Detection and Response Software 2025 Vendor Assessment ( September 2025, IDC.) This recognition follows the analyst firm earlier this month naming Trustwave a Leader in the IDC MarketScape: APEJ Managed Detection and Response Services 2025 Vendor Assessment (doc, September 2025). LevelBlue acquired Trustwave in August 2025.

Agentic AI is transforming cyber threats from phishing and deepfakes into nonstop zero-day exploits and automated ransomware. Most organizations will struggle to keep pace, but the same AI power can drive autonomous defenses that ultimately shift the balance back to the defenders.

It’s a dark and stormy night in cyberspace. Ransomware monsters lurk in the shadows, ready to encrypt and extort unsuspecting businesses.

You’ve seen it before. A vendor slides across a partnership agreement that looks promising—great margins, solid technology, and market demand. But buried in the fine print are the real deal-breakers: minimum monthly commitments, annual sales quotas, and escalating targets that turn what should be a profitable partnership into a financial liability. This is the quota trap.

The cyber security skills gap, the chasm between the demand for qualified security professionals and the available talent pool has evolved from a nagging HR issue into a critical strategic vulnerability. With global cybercrime costs projected to hit an astonishing $10.5 trillion annually by 2025, the lack of skilled defenders is no longer a future problem. It's a clear and present danger to every organisation's bottom line, reputation, and long-term viability.

If getting visibility into and governance over your identity estate feels like a headache that—despite attempts at treatment—won’t go away, you’re not alone. You may have processes or tools, but manual work persists, and new apps and identities appear every day. Sound familiar? Many identity governance and automation (IGA) programs are stalling, and it’s not for lack of effort.

Most organizations are flooded with alerts every day. Security tools flag excessive permissions, dormant accounts, and policy violations—but teams are already stretched thin. Visibility alone isn’t enough to reduce risk. The real challenge is turning that noise into action. When alerts pile up without context or prioritization, analysts lose focus, and critical issues slip through the cracks. Without clear guidance, remediation becomes reactive instead of strategic.