Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

APIs are now the foundation of SaaS product development, powering authentication, user onboarding, billing, integrations, webhooks, analytics, and internal microservices. As this API footprint grows, the threat landscape has intensified. The Indusface State of Application Security H1 2025 Report recorded a 104% rise in API-targeted attacks, a 13X increase in API vulnerability exploits, and 388% more DDoS attacks on API hosts than on websites.

During the first half of 2025, APIs faced significantly higher number of attacks than traditional web applications. On average, attacks per API host were 72% higher than those targeting websites, and exploitation of API vulnerabilities surged 13× compared to a 27% increase for website vulnerabilities, according to the State of Application Security Global H1 2025.

The automotive industry is undergoing a profound transformation. With vehicles now functioning as software-defined, connected platforms, manufacturers face unprecedented security challenges. From over-the-air (OTA) updates and telematics to ADAS, battery systems and mobility services, every vehicle today relies on digital identities and cryptographic trust. Historically, OEMs have relied heavily on Tier 1 suppliers to manage keys, certificates and firmware signing processes.

Artificial Intelligence is everywhere nowadays. It helps teams to be more productive, but at the same time, it can threaten your critical project management data. The introduction of AI into Jira opened up new paths for attackers to exploit, new vulnerabilities coming up internally, and human errors. So, in this article, let’s speak about AI data loss in Jira and what measures to take to protect your sensitive data in Jira Cloud.

Cyber security is a critical business enabler. Proactive cyber security measures, such as penetration testing, threat monitoring, and staff training, reduce the likelihood of breaches and operational disruption. However, demonstrating the return on investment (ROI) of these initiatives can be difficult to quantify.

The retail sector approaches the 2025 peak holiday season facing a perfect storm. We are no longer contending with opportunistic human fraudsters or rudimentary scripts. We face a tidal wave of autonomous, generative AI-powered agents capable of mimicking human behavior. According to Ran Arad, a subject matter expert at Memcyco, we must view phishing, digital impersonation, and account takeover (ATO) as an interrelated lifecycle. Usually, a phishing attack provides the link to an impersonating site.

Two Indiana healthcare providers, Goshen Health System and Hancock Regional Hospital, recently reached settlements tied to the use of website tracking technologies, including Meta Pixel. Neither organization admitted to any deliberate misconduct, emphasizing that the settlement is done to avoid the cost and disruption of continued litigation.

If you’ve browsed the FedRAMP marketplace in the interest of using a government-certified service, either as part of your own services or on behalf of an agency, you’ve likely seen the various -aaS designations. The “aaS” stands for “as a Service”, and it’s part of how modern internet services function. What are the different kinds of services, and how do they engage with FedRAMP? The differences can be important.

Black Friday is one of the most demanding seasons for the retail sector. Massive spikes in online traffic, aggressive promotions, and pressure to keep services available significantly increase the risk of an attack. Cybercriminals are aware of this and exploit the saturation to launch ransomware campaigns, phishing attempts, and supply chain attacks that aim to disrupt operations, steal sensitive data, and cause maximum impact.

A large phishing campaign is using phony seasonal party invites to trick users into installing remote management and monitoring (RMM) tools, according to researchers at Symantec. “A highly active threat actor that specializes in using the ScreenConnect remote management and monitoring (RMM) software in its attacks has changed tactics and is now infecting its victims with multiple RMM tools, including LogMeIn Resolve and Naverisk,” Symantec says.