Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The 2025 edition of Verizon’s Data Breach Investigations Report (DBIR) shows a new reality: about one in five confirmed breaches now starts with exploitation of a software vulnerability, a 34 percent jump over the previous year and the first time the vector has surpassed phishing.

It’s easy to think of ISO 27001 as a simple checkbox requirement to get through quickly. Still, technical vulnerabilities in constantly changing environments require more than short-term fixes, as ISO 27001 requires a structured approach for managing them specifically. Here’s the kicker: 60% of breaches exploited known vulnerabilities for which patches were available, but were either delayed or missed. Although the policy may exist, its execution often falls short in the details.

A quarter century ago, a former computer science student from the Philippines accidentally unleashed one of the most destructive computer viruses in modern history.

The rapid adoption of AI coding assistants is transforming software development in ways both good and bad. Developers can produce more code faster than ever with AI, and 96% of developers report using AI coding assistants to streamline their work. AI code generation is becoming mainstream, and in late 2024, Google reported that AI writes more than 25% of its code. While GenAI tools increase productivity, they’re also creating more work for application security teams.

In a previous security bulletin sent by Arctic Wolf on April 17, 2025, we advised of a credential access campaign targeting SonicWall SMA devices along with remediation guidance. As of April 29, 2025, SonicWall has updated their advisories for several vulnerabilities that are now linked to ongoing exploitation in the threat landscape.

In the vast landscape of cybersecurity, it’s often not the zero-click iPhone exploits or flashy ransomware variants that expose the most users — sometimes it’s the tools we’ve trusted for decades. One such example is CVE-2025-33028, a vulnerability in WinZip, a program that’s been a staple in personal and corporate environments for over 30 years.

If you’re building software, chances are your environment looks nothing like it did a few years ago. Monolithic applications have given way to microservices. On-prem systems have migrated to multi-cloud. Waterfall has become agile, and developers are pushing code daily (sometimes hourly). Security, meanwhile, is still catching up.

Welcome to the Threat Context Monthly blog series where we provide a comprehensive roundup of the most relevant cybersecurity news and threat information from KrakenLabs, Outpost24’s cyber threat intelligence team. Here’s what you need to know from April about EncryptHub, EncryptRAT, and the Media Land leak.