Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On January 8, 2025, Ivanti published a security advisory announcing the patching of a critical, actively exploited vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Tracked as CVE-2025-0282, the vulnerability allows remote unauthenticated threat actors to achieve remote code execution (RCE) via a stack-based buffer overflow flaw. Ivanti confirmed that exploitation has only been observed in Connect Secure, and no exploitation has been reported in Policy Secure or ZTA Gateways.

The Cyberint (now a Check Point Company) Philippine Threat Landscape 2024-2025 report unravels the evolving cyber threats and scam operations targeting organizations in the Philippines—mainly within the Government, Education, Financial, and Telecommunications sectors. Data from Cyberint sources indicates a surge in cyber threats such as malware, social engineering, and system exploitations.

The year 2025 marks an exciting chapter for BDRSuite as we unveil a roadmap dedicated to empowering Managed Service Providers (MSPs). With a strong emphasis on Remote Centralized Management, we aim to redefine the managed backup experience for MSPs. Additionally, our roadmap introduces new features and enhancements focusing on ransomware protection, virtual environments (Proxmox VE, oVirt, KVM) and latest security updates, addressing evolving market demands and user needs.

Many are familiar with how GitLab leverages Falco in its Package Hunter project to detect threats through system call monitoring. However, fewer may be aware of a powerful GitLab plugin for Falco that ingests audit events directly from GitLab, transforming them into actionable fields within Falco. By integrating GitLab audit event fields, you can create Falco rules to detect potential threats in real time and send alerts through your configured notification channels.

Space Bear is a relatively new ransomware group that first appeared on the radar in April 2024. The gang, which is aligned to the Phobos ransomware-as-a-service group, steals sensitive data from organisations, encrypts victims' computer systems, and demands that a ransom be paid for a decryption key or the data will be published on the dark web.

By James Rees, MD, Razorthorn Security From 2020 to 2024, cybersecurity underwent a transformative period that reshaped the industry. This era witnessed several significant high profile security breaches, whilst the World Economic Forum recognised cybersecurity as one of the top ten threats to global economic stability.

From design to deployment, the rise in AI tools and AI-generated code is changing developers’ workflows, enabling them to focus on more creative and complex tasks. However, while 96% of developers use AI coding assistants to streamline their work, it can have a negative impact on security teams. One-fifth of AppSec teams surveyed said they face significant challenges securing AI-generated code due to how quickly it’s produced.

The discussion about managing the impact of shorter TLS certificate lifespans began with the proposal from Google to shorten the lifespan of public-facing certificates to 90 days. And then the plot thickened when Apple jumped in with a 45-day certificate proposal. We’re not fortune tellers, but we do believe these changes, or something close to them, will happen in the not-too-distant future.

As 2024 draws to a close, I’m reflecting on a year that has been nothing short of transformative for Appknox. This was a year of bold ideas, breakthrough innovation, and meaningful partnerships. It was a year where we didn’t just meet expectations—we redefined them. In many ways, 2024 was about going back to the fundamentals of why we exist: to make mobile application security simple, scalable, and effective.

Read also: Former AT&T employee arrested for fraud, two Indians charged in fraud tech support scheme, and more.