Tag: api
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Hidden Comet Browser API Allowed Dangerous Local Command Execution
Tags: apiA hidden MCP API in Comet let extensions execute local commands on user devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/hidden-comet-browser-api-allowed-dangerous-local-command-execution/
-
APIs Are the Retail Engine: How to Secure Them This Black Friday
Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on…
-
Security gap in Perplexity’s Comet browser exposed users to system-level attacks
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/perplexity-comet-browser-security-mcp-api/
-
API-Exploit für AI-Browser Comet entdeckt
Sicherheitsforscher haben einen API-Exploit für den KI-Browser Comet offengelegt.Der Security-Anbieter SquareX hat eine bisher nicht dokumentierte API innerhalb des KI-Browsers Comet offengelegt. Damit können beliebige Befehle über eingebettete Erweiterungen ausgeführt und Anwendungen gestartet werden Funktionen, die von Mainstream-Browsern absichtlich blockiert werden.Die API lässt sich direkt von perplexity.ai auslösen und schafft so einen verdeckten Execution Channel.…
-
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control. First seen on hackread.com Jump to article: hackread.com/comet-browser-flaw-hidden-api-commands-devices/
-
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Tags: api, authentication, control, credentials, cyber, encryption, endpoint, flaw, hacker, leak, login, password, vulnerabilityTwonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through an unprotected API endpoint, then decrypt them using hardcoded encryption keys embedded directly in the…
-
Attack Surface Management ein Kaufratgeber
Tags: ai, api, attack, business, cloud, crowdstrike, cyber, cyberattack, cybersecurity, data, detection, dns, framework, hacker, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, microsoft, monitoring, network, open-source, PCI, penetration-testing, risk, service, soc, software, supply-chain, threat, tool, update, vulnerabilityMit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen.Regelmäßige Netzwerk-Scans reichen für eine gehärtete Angriffsfläche nicht mehr aus. Um die Sicherheit von Unternehmensressourcen und Kundendaten zu gewährleisten, ist eine kontinuierliche Überwachung auf neue Ressourcen und Konfigurationsabweichungen erforderlich. Werkzeuge im Bereich Cyber Asset Attack Surface Management (CAASM)…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local…
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local…
-
Blocking Traffic Manipulation in AWS Starts With IAM
Tl;DR Networking in the Cloud Without domain name resolution and effective traffic routing, the cloud breaks. This proved true last month, when a DNS issue affecting the AWS us-east-1 DynamoDB API endpoint disrupted operations at thousands of companies. While certainly an extreme example, it highlights how quickly a single networking issue can cascade, taking down……
-
Veeam bringt Data Platform v13 auf den Markt
Veeam Data Platform v13 umfasst neue Funktionen zur Bekämpfung von Bedrohungen, beschleunigte Wiederherstellung mit Sicherheit der nächsten Generation, forensische Erkenntnisse und intelligente Automatisierung. Veeam führt obendrein die Universal Hypervisor Integration API ein, eine flexible Integrationsplattform für Hypervisoren First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-bringt-data-platform-v13-auf-den-markt/a42888/
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/obscure-mcp-api-in-comet-browser-breaches-user-trust-enabling-full-device-control-via-ai-browsers/
-
Hidden API in Comet AI browser raises security red flags for enterprises
Broader Warning for AI browsers: The disclosure is likely to deepen enterprise hesitation around AI browser adoption. Grady noted that organizations will continue treating them as unsanctioned applications until they can fully assess the tradeoffs. “Security teams should ensure corporate policy is clear, and they have the tools to enforce that policy.”SquareX’s recommendation is rather…
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/obscure-mcp-api-in-comet-browser-breaches-user-trust-enabling-full-device-control-via-ai-browsers/
-
Cline Bot AI Agent Vulnerable to Data Theft and Code Execution
Mindgard reveals 4 critical security flaws in the popular Cline Bot AI coding agent. Learn how prompt injection can hijack the tool for API key theft and remote code execution. First seen on hackread.com Jump to article: hackread.com/cline-bot-ai-agent-vulnerable-data-theft-code-execution/
-
From Cloud to Code: Salt Cloud Connect Now Scans GitHub
One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their…
-
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era
Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-managementTenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
-
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era
Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-managementTenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
-
Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories
API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI…
-
Rethinking identity for the AI era: CISOs must build trust at machine speed
Tags: access, ai, api, attack, authentication, business, ciso, cloud, control, cybersecurity, data, data-breach, google, governance, group, identity, infrastructure, injection, Internet, LLM, malicious, mitigation, network, risk, theft, threat, tool, training, vulnerabilityIdentity as a trust fabric: Most organizations currently rely on a welter of identity and access management systems for a variety of reasons. Some systems might be tied to a specific vendor’s technology; some might be legacy systems from mergers or acquisitions; some might be in place due to legal or regulatory requirements.”What happens even…