Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

REST APIs are the arteries of today’s digital ecosystems, silently exchanging data between countless applications, users, and devices. Yet, in the race to protect endpoints, authenticate users, and encrypt payloads, the security nuances of API responses are often overlooked. This oversight leaves a dangerous gap where attackers don’t need to break in; they simply listen, observe, and exploit what’s willingly given away.

In today’s increasingly interconnected digital landscape, APIs have become the invisible backbone of organizational efficiency, enabling data sharing, automation, and business innovation with quiet efficiency. However, as APIs proliferate, so do the vulnerabilities and targeted attacks that threaten to disrupt operations, compromise sensitive information, and damage an organization’s reputation.

How do you stop identity-based attacks in real time — across both human and non-human identities? CrowdStrike Falcon Identity Protection now delivers powerful new capabilities to answer that question. The innovations announced today address urgent challenges facing security teams: unprotected non-human identities (NHIs) such as service accounts, insider risk during employee offboarding, and standing privileges in hybrid Microsoft environments.

Threat analysts are being bombarded with hundreds, if not thousands, of threat intel data points including new indicators of compromise (IoCs), evolving threat actor groups, shifts in regions and industries being targeted and new tools, techniques and procedures (TTPs). Security operations must be data driven so you can understand threats and efficiently allocate resources to address your most important requirements.

Online fraud is, unfortunately, becoming a lucrative business for cybercriminals, hackers, and scammers. It’s now easier than ever to use AI to help generate phishing emails, and people can even use fraud-as-a-service to buy pre-made malware to target and steal our financial and business information.

Over the past year, India witnessed a steep rise in cyberattacks. While news focused on big-ticket data breaches and mainstream ransomware attacks, it ignored how the overall threat landscape has become more sophisticated and ingrained. India detected over 369 million malware events between October 2023 and September 2024, at a rate of 702 potential threats per minute on average.

In today’s cybersecurity landscape, security teams face a daunting challenge: managing an ever-growing volume of risks with limited time and resources. Traditional manual risk resolution methods are no longer sufficient. They slow down response times, increase the risk of human error, and strain already stretched teams—ultimately compromising the organization’s security posture. That’s where automated risk resolution comes in.

Ransomware attacks are undeniably on the rise—but just how significant is the increase? According to Bitsight CTI researchers, ransomware attacks (as measured by unique victims listed on leak sites) rose by almost 25% in 2024, and the number of ransomware group leak sites rose by 53%. Ransomware is becoming the go-to tactic for financially driven threat actors seeking quick and substantial payouts.

As mobile apps become increasingly central to business operations and user engagement, securing them from design to deployment has never been more critical. Threat modeling offers an essential first step in identifying and mitigating potential security risks early in the development process. It helps you think like an attacker, spotting weaknesses before they can be exploited.

Stablecoins. Did anyone (in crypto) talk about anything else this May?