Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance security? Bybit might just have the answer. Bybit—one of the world’s leading cryptocurrency exchanges— recently leveraged the power of an API in the wake of a devastating security breach that resulted in a staggering $1.5 billion loss.

On 11 February 2025, a Telegram user called ExploitWhispers shared a ZIP file to a Russian-language Telegram channel. The user claimed that this file contained the internal Matrix chat logs of the BlackBasta ransomware group and was captured between 18 September 2023 and 28 September 2024. The user also shared information about some of the BlackBasta members, including one of the operation’s admins, the group’s administrator, and leader Oleg Nefedov.

Cyjax monitors and analyses the initial access broker (IAB) market on the most prominent cybercriminal forums. As noted in Cyjax’s 2024 IAB market in review, it is almost certain that extortion groups, APTs, data brokers, and other threat groups use IABs to gain initial access to targeted networks. Though at first glance it is not immediately obvious how important the IAB market is to the threat landscape, Cyjax has conducted a deep analysis of public IAB listings and extortion group DLSs.

Security Operations Centre (SOC) analysts are at the forefront of cybersecurity defence, managing thousands of alerts every day. The overwhelming volume of these notifications makes it increasingly difficult to distinguish legitimate threats from false positives, leading to analyst burnout and operational inefficiencies. Studies show that up to 62% of alerts are ignored, resulting in missed threats and the further weakening of an organisation’s security posture.

As we stand on the brink of the agentic AI revolution, it’s crucial to understand the profound impact AI agents will have on how people, applications and devices interact with systems and data. This blog post aims to shed light on these changes and the significant security challenges they bring. It’s important to note that given the rapid pace of advancements in this field, we could not have anticipated many of the challenges discussed here just a few months ago.

Sam Altman’s recently published “Reflections” blog is one of those pieces that made me stop mid-scroll and wonder, “We’re really right in it, aren’t we?” Part think piece, part reality check, it’s a fascinating article that balances enthusiasm for AI’s potential with the very real warning signs flashing over all our heads.

The Mayor of London has cut funding for victims of online crime in the capital at a time when 98% of reports to the police are given ‘no further action’. In fact, victims are seven times less likely to see their perpetrator charged or summoned compared to victims of offline crime. From the 1st of April 2025, dedicated online crime victim services will be shut down and thousands of victims will go without specialist support.

ESET warns of a wave of phishing attacks informing employees that they’ve been fired or let go. The emails are designed to make the user panic and act quickly to see if they’ve actually lost their job. If a user falls for the attack, they’ll be tricked into downloading malware or handing over their login credentials.

Zimperium warns of a surge in phishing attacks specifically tailored for mobile devices. These attacks are designed to evade desktop security measures in order to breach organizations through employees’ smartphones. Mobile phishing includes SMS phishing (smishing), QR code phishing (quishing), voice phishing (vishing), and mobile-targeted email phishing.

Ever get one of those annoying error messages on your phone that gives way too much detail? You know, the ones that tell you the line of code that failed or the exact database query that crashed the app. As an app user, you may dismiss the message and move on. But did you know those overly verbose error messages could be exposing your personal data?