Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

An attacker doesn’t need your password anymore. They don’t even need to break your MFA. They just need to get ahold of your session. And once they have it, they are you. Organizations have focused on securing access for two decades, initially relying on passwords. When passwords proved weak and insufficient, multi-factor authentication (MFA) emerged as the new standard. It was a substantial improvement, adding an extra layer of security to verify users.

Organisations must adopt robust compliance strategies to align with the EU AI Act’s stringent requirements. This involves implementing effective data governance frameworks, ensuring data quality and integrity, and leveraging advanced data security solutions.

The European Union’s AI Act, set to be enforced in 2025, is set to transform how businesses approach artificial intelligence. Designed to regulate AI development and deployment, the Act aims to ensure ethical, safe, and transparent AI usage. However, many organisations still struggle with compliance.

It is no longer surprising that cybercriminals are constantly searching for vulnerabilities to exploit. This is why patch management has become increasingly important in recent years. In fact, Verizon's 2024 Data Breach Investigations Report revealed a significant 180% increase compared to the previous year. This highlights the urgency of having a solid patch management process in place.

Imagine trying to cram a growing population into a city with a limited number of addresses—eventually, you’ll run out of them. That’s exactly what has happened with IPv4, the internet’s original addressing system. With every website, smartphone, laptop, smart TV, and IoT device needing an IP address to connect to the internet, we’ve officially exhausted all 4.3 billion IPv4 addresses!

Every day, organizations expose their APIs, unknowingly allowing cybercriminals to try and exploit them. A single vulnerability can lead to massive data breaches or help gain unauthorized access. Worst Part? Most organizations realize the weakness when it’s already too late. Without strong security measures, your API is a prime target for attackers trying to exploit unpatched vulnerabilities or misconfigurations in the environments.

On March 17th, 2025, security researchers confirmed active exploitation of Apache Tomcat’s recently disclosed vulnerability, CVE-2025-24813. Publicly disclosed on March 10th, the earliest signs of exploitation were observed on March 12th, with attackers leveraging the flaw just 30 hours after disclosure. This vulnerability enables Remote Code Execution (RCE) and information disclosure by exploiting Tomcat’s request-handling mechanism.

Today is the final day of Security Week 2025, and after a great week of blog posts across a variety of topics, we’re excited to share the latest on Cloudflare’s data security products. This announcement takes us to Cloudflare’s SASE platform, Cloudflare One, used by enterprise security and IT teams to manage the security of their employees, applications, and third-party tools, all in one place.

Cloudflare Email Security customers using Microsoft Outlook can now enhance their data protection using our new DLP Assist capability. This application scans emails in real time as users compose them, identifying potential data loss prevention (DLP) violations, such as Social Security or credit card numbers. Administrators can instantly alert users of violations and take action downstream, whether by blocking or encrypting messages, to prevent sensitive information from leaking.

We are excited to announce our latest innovation to Cloudflare’s Data Loss Prevention (DLP) solution: a self-improving AI-powered algorithm that adapts to your organization’s unique traffic patterns to reduce false positives.