Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

This research is published following the public release of a fix and CVE, in accordance with coordinated vulnerability disclosure best practices. CVE‑2025‑60021, a critical command injection issue in Apache bRPC’s /pprof/heap profiler endpoint, was identified during broader analysis of diagnostic and debugging surfaces in the framework. The issue was discovered using Vulnhalla, CyberArk Labs’ AI tool that assists in triaging CodeQL results using an LLM.

Data privacy used to be the realm of hospitals, banks, and fervent devotees of the Fourth Amendment to the US Constitution. Something we knew we wanted but conceptually assumed wouldn’t affect most people. Our dependence on the Internet for almost all aspects of daily life has changed that. In 2026, data privacy and cybersecurity are deeply intertwined. Protecting sensitive information isn’t just about stopping hackers.

The security landscape is shifting. For the past two years, security teams have focused primarily on what users type into chatbots by monitoring interactions with ChatGPT, Gemini, and Claude. But a new risk vector is emerging, one that operates largely outside traditional security controls: AI agents accessing corporate data autonomously through the Model Context Protocol (MCP).

VMware offers a wide range of products, and understanding their different use cases may be overwhelming. In this blog post, we cover the differences between three commonly used technologies in VMware environments: It’s important to note that any ESXi vs. vSphere vs. vCenter comparison should start with a caveat: these technologies are complementary rather than substitutes for one another. NAKIVO for VMware vSphere Backup Complete data protection for VMware vSphere VMs and instant recovery options.

There is a moment that happens in every SOC (Security Operations Center) every day. An alert fires. An analyst looks at a dashboard and sees a UR: POST /vs/payments/proc/77a. And then they stop. They stare. And they ask the question that kills productivity: "What does this thing actually do?" Is it a critical payment gateway? A test function? Does it handle credit card numbers or just transaction IDs?

Adoption fraud can target hopeful families. Discover common scams, warning signs, and how to protect your adoption journey. Adoption fraud can blindside even the most prepared families, especially when emotions run high. Understanding common adoption scams and how to stay safe can help you move forward with more peace of mind. Adoption fraud is a scam in which someone uses deception to extract money, gifts, or emotional leverage from people hoping to adopt.

AI adoption in security has soared. But for many teams, manual work and burnout remain stubbornly high. To understand why, and what security teams must do next, we partnered with Sapio research to survey more than 1,800 security leaders and practitioners worldwide for our Voice of Security 2026 report. We wanted to learn how teams are using AI and automation, how the role of security is evolving, and how professionals believe AI will impact their careers. The data is revealing.

If you stand behind almost any modern checkout today and inspect the network tab, you will rarely see a tidy, controlled set of assets. Instead, you will see 15 to 30 different scripts, ranging from payment orchestration and fraud tools to analytics and session replay, all the way to tag managers, experimentation, consent logic, and accessibility widgets, with many loading from domains your security team has never directly vetted.

Chances are, if you are reading this article, you are comparing Stripe, Adyen, and PayPal (Braintree) on fees, payout timing, and how quickly you can ship the integration. And that would be reasonable. But the security outcome is shaped earlier than most teams think. A payment processor protects card data once it enters its fields and systems. The transaction begins on your checkout page, inside a browser that is also running analytics, tag managers, A/B tests, support widgets, and third-party scripts.