Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

API security has never been more crucial. Vulnerabilities are growing in volume and severity. AI integrations are a burgeoning attack vector. Increasing GraphQL adoption presents hidden dangers. To protect your organization, you must secure your APIs. Keep reading for our key takeaways from the Wallarm Q2 2025 API ThreatStats report – and find out what you need to do to protect yourself.

On August 26th, 2025, Citrix patched CVE‑2025‑7775, a memory overflow vulnerability in NetScaler ADC and Gateway appliances that allows unauthenticated remote code execution (RCE) and/or denial-of-service. This threat is confirmed to be actively exploited in the wild. Citrix strongly emphasized that no mitigations exist aside from applying the patch immediately.

On August 26–27, 2025 (UTC), eight malicious Nx and Nx Powerpack releases were pushed to npm across two version lines and were live for ~5 hours 20 minutes before removal. The attack also impacts the Nx Console VS Code extension.

Modern AWS environments move fast. Engineers spin up EKS clusters for testing, automation pipelines deploy to production, and AI agents trigger infrastructure workflows via Amazon Bedrock. AWS provides ways to manage access primitives such as roles and privileges to keep up with this velocity, such as STS AssumeRole, OIDC federation, IAM Authenticator, and Identity Center. But the challenge isn’t in these primitives themselves. It's the human factor behind the primitives.

MSSPs operate high-availability Security Operations Centres (SOCs), which enable them to deliver 24/7 security services designed to reduce the burden on enterprises in staffing and maintaining operational security capabilities. MSSPs play a pivotal role by extending security operations on behalf of their clients.

We are pleased to announce that Internxt has passed its second consecutive security audit for all its services from the leading independent European pentesting company, Securitum, which also works with firms as relevant as Proton. Having become the first cloud storage with post-quantum, plus our zero-knowledge policies, when we say your data is private and secure from hackers, it’s not just a claim, but verifiable by external security professionals and experts in the field.

Researchers uncover malicious Python packages, PipeMagic masquerades as a ChatGPT desktop app, and Noodlophile Stealer targets enterprises through social media.

Security teams receive thousands of threat indicators daily. IP addresses, domain names, file hashes, and vulnerability advisories flood their inbox from multiple intelligence feeds. Yet when the next breach happens, you're still caught off guard. Sound familiar? The problem isn't a lack of information; it's a lack of context.