Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Recently, the security team at LEAKD.COM discovered that about 5 million United States credit cards and users’ personal details had been leaked online. This discovery came about when the security team found 5 terabytes of sensitive data exposed on an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services that is used to store customer information. According to the security team at LEAKD.COM, the party responsible for this credit card leak/breach remains unknown.

Popularly known as text messages, SMS messages are one of the widely used communication channels by Americans. They are generally used for various purposes. For instance, besides being a channel of communication among individuals, several millions of Americans rely on SMS systems to access and secure their social media, email, and online banking accounts, particularly through OTPs (one-time-passcodes), which are typically delivered via SMS.

Over the years, one question seems to come up again and again for QA professionals and testers: “How can we manage test cases efficiently?” It is a challenge that teams across the world face every day, and it is critical to address for successful software development. While we might joke about gathering hundreds of testers in one room to debate the answer, the reality is that testers rarely have time for such discussions.

Who doesn’t love a little glimpse into the future? For cybersecurity—and more specifically, API security - gazing into the magic crystal ball may not strictly be necessary. But there are definite trends that will evolve for 2025 and make API security even more of an imperative for modern businesses. Here are our top five.

Phishing campaign impersonates PayPal, PLAYFULGHOST malware spreads via phishing and SEO poisoning, and the new NonEuclid RAT gains traction.

In today’s interconnected world, supply chains are essential for nearly every product and service. Yet, this interconnectedness comes with vulnerabilities. In fact, 41% of organizations that suffered material impacts from a cyberattack in 2023 report that those cyberattacks originated from a third party, according to the 2024 Global Cybersecurity Outlook by the World Economic Forum. What supply chain security issues might your organization face?

Financial organizations across Europe are actively preparing for the Digital Operational Resilience Act (DORA), taking effect in January 2025. Meeting DORA compliance requirements has become essential for financial institutions as they adjust their operations to match new regulatory standards. The legislation brings substantial changes to information and communication technology (ICT) risk management practices, security protocols, and third-party oversight.

On January 9, the SecurityScorecard STRIKE team uncovered Operation 99, a cyberattack by the Lazarus Group, North Korea’s state-sponsored hacking unit. This campaign targets software developers looking for freelance Web3 and cryptocurrency work. If you thought fake job offers from the group’s Operation Dream Job campaign were bad, this latest move is a masterclass in deception, sophistication, and malicious intent. Here’s why Operation 99 demands your attention.

Insider threats are among the most elusive and damaging forms of cybersecurity risk. According to the Ponemon Institute, 71% of organizations experienced between 21 and 41 insider incidents in 2023, up 67% over the previous year. The average annual cost of insider threats also climbed to $16.2 million per organization, the report found.

Many organizations across critical industries such as healthcare, manufacturing and energy rely on legacy Windows operating systems to run essential equipment. These systems, while operationally vital, are notoriously difficult and costly to upgrade — leaving them vulnerable to modern cyber threats. CrowdStrike is addressing this challenge by expanding our legacy support with the general availability of CrowdStrike Falcon for Legacy Systems.