APIs made up 17% of 67,058 published vulnerabilities in 2025, a total of 11,053 API-related flaws. The overlap between APIs and AI is even more notable. More than a third (36%) of AI vulnerabilities (786 out of 2,185) were API-related. Of the 245 vulnerabilities identified in the U.S. Cybersecurity and Infrastructure Security Agency’s 2025 Known Exploited Vulnerabilities list, 43% (106) were API-related. Unsurprisingly, 36% of AI-related exploits also corresponded to API vulnerabilities. These were some of the findings of Wallarm’s API ThreatStats Report 2026, which draws on vulnerability and breach data from 2025. The report describes AI as a risk multiplier that has been leveraging existing weaknesses in…
Kirsten Doyle
Eurail BV has confirmed that some customer data impacted by the previously reported security incident has been offered for sale on the dark web and a sample data set has been posted on Telegram. The company said it is continuing to investigate the scope and impact. Last month, the company revealed that it had experienced a data breach when bad actors accessed its customer database, which exposed sensitive information such as full names, passport numbers, ID numbers, bank account IBANs, health data, and contact information (email and phone numbers). “We have become aware that the data has been offered for sale on the dark web and…
Modern supply chain attacks are no longer isolated events. Rather, phishing, identity theft, malicious extensions, data breaches, ransomware, and extortion are becoming more and more interrelated steps of a single attack chain, where each step reinforces the next. This was one of the findings of Group-IB’s High-Tech Crime Trends Report 2026, based on intelligence drawn from Group-IB’s Digital Crime Resistance Centers (DCRCs) across 11 countries worldwide, enriched by adversary-focused telemetry, hands-on cybercriminal investigations, and 24/7 global monitoring of underground ecosystems. Other key findings include: Open-source ecosystems are under attack: The package repositories npm and PyPI have become the number one target, with stolen credentials for maintainers and automated malware worms to…
A recent report from Picus Labs has uncovered a chilling evolution in cyber warfare that it calls “the rise of the Digital Parasite.” The report analyzed more than 1.1 million malicious files and 15.5 million actions last year, and revealed that bad actors have shifted 80% of their resources toward stealth, evasion, and persistence. The report highlighted distinct, highly sophisticated behaviors that allow malware to inhabit systems for months without detection. These include: Dr. Süleyman Özarslan, Co-founder and VP of Picus Labs, said: “What we’re observing is the rise of the digital parasite. Attackers have realized it is more profitable to inhabit the host than to destroy it. They are embedding themselves inside environments, using trusted identities and even physical hardware to feed…
Dutch telecoms business Odido has disclosed a cyberattack on its customer contact system that happened on 7 February. The personal information of approximately 6.2 million customers was disclosed, including names, residential addresses, mobile phone numbers, email addresses, account numbers, and ID information such as passports and driver’s licenses. In a statement, the company said no passwords, call details or billing information are involved. “We deeply regret this incident and are fully committed to limiting the impact of this incident and providing our customers with all necessary support. It is important to emphasize that our operational services have not been affected; customers can continue to call, use the internet and watch TV safely,” the statement read. …
Almost 17,000 Volvo employees have had their personal data exposed after attackers breached Conduent, an outsourcing company that manages workforce benefits and back-office services. In a filing with the Maine Attorney General, Volvo Group North America said it learned in late January that employee data had been exposed through systems run by Conduent. In a letter to customers, Conduent said: “On 13 January 2025, we discovered that we were the victim of a cyber incident that impacted a limited portion of our network. We immediately secured our networks and initiated an investigation with the assistance of third-party forensic experts.” Conduent’s investigation determined that an unsanctioned third party had access to its environment between 21 October 2024 and 13 January 2025. The bad actors obtained files associated with customers’ current or former health plans. “Given the nature and complexity of the data involved, Conduent…
Media platform Substack has disclosed a data breach that exposed email addresses, phone numbers, and internal metadata of an unknown number of users. Credit card numbers, passwords, and financial information were not accessed. In an email, Substack CEO Chris Best informed affected users that on 3 February, the company found evidence pointing to a third party having exploited an unspecified weakness in its systems. The breach happened in October 2025, meaning user data remained exposed for about four months before discovery. Best added that the company is conducting a thorough investigation, and is “taking steps to improve our systems and processes to prevent this…
The Olympics have traditionally been a major attack vector for cyber disruption, espionage, and financially motivated attacks. The 2018 Winter Olympic Games in PyeongChang saw the Olympic Destroyer malware used to disrupt Wi-Fi, ticket, and venue systems during the opening ceremony of the games. During the Paris 2024 event, there was an increase in scanning, DDoS, and other attempts targeting Olympic-related systems. The Milan-Cortina 2026 event kicks off today, promising to be the most geographically distributed Winter Olympics on record. This will see the attack surface expand even further, spanning multiple cities, suppliers, digital platforms, and temporary networks. Security leaders…
Microsoft has warned that information-stealing attacks are rapidly expanding beyond Windows to target Apple macOS environments using cross-platform languages such as Python. The software giant’s Defender Security Research Team has observed macOS-targeted infostealer campaigns using social engineering techniques like ClickFix since late 2025 to distribute disk image (DMG) installers that deploy stealer malware families like Atomic macOS Stealer (AMOS), MacSync, and DigitStealer. The campaigns have been using techniques like fileless execution, native macOS utilities, and AppleScript automation to facilitate data theft, including web browser credentials and session data, iCloud Keychain, and developer secrets. The basis for these attacks is usually a malicious ad, most often delivered via Google Ads, that tricks users searching…
In 2025, attackers didn’t only target traditional areas of vulnerability; they went after those with the least defense and the most rapid change. These include new AI technologies, web applications, and operational technology (OT) for industries such as healthcare, manufacturing, energy, government, and finance. In fact, attacks against OT protocols rose by a whopping 84%, with Modbus, Ethernet/IP, and BACnet at the forefront. IoT exploits increased to 19%, hitting cameras and video recorders the hardest, while network devices accounted for some 19% of all exploits. This is no surprise, because last year, IT, IoT, and OT saw broad expansion amid rapid infrastructure shifts. These were some of the findings of the recent 2025 Threat Roundup by Forescout Technologies – Vedere Labs. The research aims to…
