Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Shadowserver group recently identified over 41,500 internet-exposed VMware ESXi hypervisors vulnerable to CVE-2025-22224, a critical Time-of-Check Time-of-Use (TOCTOU) code execution attack. The attackers who gain administrative access to a compromised VM can exploit this flaw to execute arbitrary code on the hypervisor, gaining full control over all hosted VMs and networked assets. Broadcom released emergency patches for ESXi and Workstation products to remediate the flaw.

Sysdig’s 2025 Cloud-Native Security and Usage Report identifies promising trends in how organizations are developing, using, and maintaining everything within their cloud environments. The eighth annual report shares the results of an analysis of millions of containers and cloud accounts. This year’s findings reveal several key areas that have improved, including cloud threat detection and response, AI security, and vulnerability management.

In today’s technology landscape, security leaders often find themselves under immense pressure: their resource-constrained teams are expected to mitigate growing risks, navigate complex infrastructures, and implement best practices, all while justifying their value to executive leadership.

Vulnerability management has always been a challenge, but today’s security teams are feeling the pressure more than ever. With thousands of new CVEs reported every month, the sheer volume makes it difficult to know where to focus. In-use vulnerability prioritization is one of the most effective ways to cut through the noise, focusing only on vulnerabilities that are actively loaded in runtime. To focus on what really matters, security teams need better ways to prioritize risk.

Threat response is a cornerstone of cloud security, but its roots lie in the early days of antivirus software. Back then, responding to threats was fairly linear and straightforward — stop the malicious process, quarantine it, remove or delete if necessary, and move on. However, modern cloud environments have revolutionized how threats operate, making it clear just how much the game has changed.

Cloud security teams are often faced with an onslaught of noise from their detection tooling, making it nearly impossible to distinguish truly malicious threats from benign behaviors. Many threats will go uninvestigated simply because there aren’t enough analysts for the sheer amount of alerts, leaving organizations exposed to potential breaches.

Plugins are shared libraries that conform to a documented API, hooking into the core functionalities of Falco to allow things such as adding new event sources that can be evaluated using filtering expressions/Falco rules. Since Falco is open source, users can build plugins for just about any arbitrary 3rd party event source. In recent blog posts, we discussed how Falco can be extended to event stream sources such as Gitlab, Salesforce and Box via the Falco Plugin architecture.

Vulnerability management in the cloud is more challenging than ever. Security teams are drowning in vulnerability alerts, asked to deal with them quickly even as the list continues to expand. What they lack is a clear path to remediation. Legacy tools flood teams with critical alerts, while offering little guidance on which fixes will be most impactful. Vulnerability management isn’t just about identifying the biggest risks — it’s about taking decisive action.

Organizations benefit from the speed of the cloud, but with great power comes great responsibility. An inadvertent cloud misconfiguration can leave the door open to bad actors. While cloud configuration issues most often stem from human error or lack of awareness, they are unfortunately a leading cause of data breaches.