SHARED INTEL Q&A: A sharper lens on rising API logic abuse â and a framework to fight back
In todayâs digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talkingâand scaling. But this essential layer of connectivity is also where attackers are gaining traction, often quietly and with alarming precision. Jamison Utter, a cybersecurity
Windows 11 24H2 emergency update fixes Easy Anti-Cheat BSOD issue
Microsoft has released an emergency Windows 11 24H2 update to address an incompatibility issue triggering restarts with blue screen of death (BSOD) errors on systems with Easy Anti-Cheat.
Fog ransomware attack uses unusual mix of legitimate and open-source tools
Fog ransomware hackers are using an uncommon toolset, which includes open-source pentesting utilities and a legitimate employee monitoring software called Syteca.
Digital rights groups sound alarm on Stop CSAM Act | CyberScoop
The organizations say a reintroduced version of the bill would âbreakâ encryption for most Americans and make it impossible for end-to-end encrypted service providers to avoid lawsuits.
SmartAttack uses smartwatches to steal data from air-gapped systems
A new attack dubbed 'SmartAttack' uses smartwatches as a covert ultrasonic signal receiver to exfiltrate data from physically isolated (air-gapped) systems.
Erie Insurance confirms cyberattack behind business disruptions
Erie Insurance and Erie Indemnity Company have disclosed that a weekend cyberattack is behind the recent business disruptions and platform outages on its website.
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction.
RSAC Fireside Chat: Operationalizing diverse security to assure customers, partnersâand insurers
Catastrophic outages donât just crash systems â they expose assumptions. Related: Getting the most from cyber insurance At RSAC 2025, I met with ESET Chief Security Evangelist Tony Anscombe to trace a quiet but growing convergence: endpoint defense, cyber insurance, and monoculture risk are no longer separate concerns. Theyâre overlapping â and reshaping how security
catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities
Cisco Talosâ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15.
Ce groupe cybercriminel dupe les recruteurs sur LinkedIn
Un nouveau type d'arnaque vise actuellement les professionnels du recrutement sur LinkedIn et Indeed. DerriĂšre des profils de candidats qui semblent tout Ă fait ordinaires se cache le groupe cybercriminel FIN6. Son but : gagner la confiance des recruteurs, infiltrer les systĂšmes informatiques des entreprises et
Singapore leads multinational operation to shutter scam centers tied to $225 million in thefts
Nearly 2,000 people were arrested and millions of dollars in illicit funds were seized in an operation coordinated by Singapore police against Asian scam operations.