Tag: api

9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Defending digital identity from computer-using agents (CUAs)

Nov 7, 2025 2:20 PM

Tags: access, ai, api, attack, authentication, automation, breach, captcha, cisa, computer, control, corporate, credentials, cybersecurity, data, data-breach, defense, detection, email, exploit, fido, google, identity, infrastructure, login, malicious, malware, nfc, passkey, password, phishing, saas, service, skills, social-engineering, tool, unauthorized, update

Principle of least effort: Our brains seek shortcuts to reduce cognitive load, making password reuse seem rational.Security fatigue: Frequent password changes and complex rules frustrate users, pushing them toward reuse.As a result, users often rotate between 410 core passwords. According to an article by Enzoic, the average person reuses the same password across as many as 14…
Flaw in React Native CLI opens dev servers to attacks

Nov 7, 2025 2:20 PM

Tags: access, api, attack, flaw, malicious, network, tool, vulnerability

What developers must do now?: Developers using @react-native-community/cli (or the bundled cli-server-api) in their React Native projects should check for the vulnerable package version on the npm list. The vulnerability is fixed in version 20.0.0 of cli-server-api, so immediate updating is recommended.The stakes include an attacker remotely executing commands on the victim’s development machine, potentially…
Flaw in React Native CLI opens dev servers to attacks

Nov 7, 2025 2:20 PM

Tags: access, api, attack, flaw, malicious, network, tool, vulnerability

What developers must do now?: Developers using @react-native-community/cli (or the bundled cli-server-api) in their React Native projects should check for the vulnerable package version on the npm list. The vulnerability is fixed in version 20.0.0 of cli-server-api, so immediate updating is recommended.The stakes include an attacker remotely executing commands on the victim’s development machine, potentially…
AI is the New Insider Threat: Rethinking Enterprise Security in the Digital Age

Nov 6, 2025 9:19 PM

Tags: access, ai, api, breach, business, cloud, compliance, container, control, data, detection, email, encryption, finance, framework, gartner, governance, group, ibm, identity, intelligence, jobs, malicious, ml, monitoring, resilience, risk, service, software, strategy, technology, threat, tool, training, unauthorized, update, vulnerability, zero-trust

AI is the New Insider Threat: Rethinking Enterprise Security in the Digital Age madhav Thu, 11/06/2025 – 13:02 Artificial intelligence (AI) is no longer just a passive tool. It’s an active insider interpreting data, executing workflows, automating decisions, accessing sensitive data, and managing critical systems, in enterprise operations that directly affects an enterprise risk posture…
AI is the New Insider Threat: Rethinking Enterprise Security in the Digital Age

Nov 6, 2025 9:19 PM

Tags: access, ai, api, breach, business, cloud, compliance, container, control, data, detection, email, encryption, finance, framework, gartner, governance, group, ibm, identity, intelligence, jobs, malicious, ml, monitoring, resilience, risk, service, software, strategy, technology, threat, tool, training, unauthorized, update, vulnerability, zero-trust

AI is the New Insider Threat: Rethinking Enterprise Security in the Digital Age madhav Thu, 11/06/2025 – 13:02 Artificial intelligence (AI) is no longer just a passive tool. It’s an active insider interpreting data, executing workflows, automating decisions, accessing sensitive data, and managing critical systems, in enterprise operations that directly affects an enterprise risk posture…
Do robots dream of secure networking? Teaching cybersecurity to AI systems

Nov 6, 2025 12:19 PM

Tags: ai, api, cisco, cybersecurity, intelligence, openai, threat

This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/do-robots-dream-of-secure-networking/
Do robots dream of secure networking? Teaching cybersecurity to AI systems

Nov 6, 2025 12:19 PM

Tags: ai, api, cisco, cybersecurity, intelligence, openai, threat

This blog demonstrates a proof of concept using LangChain and OpenAI, integrated with Cisco Umbrella API, to provide AI agents with real-time threat intelligence for evaluating domain dispositions. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/do-robots-dream-of-secure-networking/
Why API Security Will Drive AppSec in 2026 and Beyond

Nov 6, 2025 8:19 AM

Tags: ai, api, application-security, governance, LLM, software

As LLMs, agents and Model Context Protocols (MCPs) reshape software architecture, API sprawl is creating major security blind spots. The 2025 GenAI Application Security Report reveals why continuous API discovery, testing and governance are now critical to protecting AI-driven applications from emerging semantic and prompt-based attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/why-api-security-will-drive-appsec-in-2026-and-beyond/
Why API Security Will Drive AppSec in 2026 and Beyond

Nov 6, 2025 8:19 AM

Tags: ai, api, application-security, governance, LLM, software

As LLMs, agents and Model Context Protocols (MCPs) reshape software architecture, API sprawl is creating major security blind spots. The 2025 GenAI Application Security Report reveals why continuous API discovery, testing and governance are now critical to protecting AI-driven applications from emerging semantic and prompt-based attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/why-api-security-will-drive-appsec-in-2026-and-beyond/
Why API Security Will Drive AppSec in 2026 and Beyond

Nov 6, 2025 8:19 AM

Tags: ai, api, application-security, governance, LLM, software

As LLMs, agents and Model Context Protocols (MCPs) reshape software architecture, API sprawl is creating major security blind spots. The 2025 GenAI Application Security Report reveals why continuous API discovery, testing and governance are now critical to protecting AI-driven applications from emerging semantic and prompt-based attacks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/why-api-security-will-drive-appsec-in-2026-and-beyond/
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks

Nov 6, 2025 8:19 AM

Tags: ai, api, attack, cyber, cybersecurity, google, group, intelligence, malware, threat

Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks

Nov 6, 2025 8:19 AM

Tags: ai, api, attack, cyber, cybersecurity, google, group, intelligence, malware, threat

Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
Google Warns of PROMPTFLUX Malware That Uses Gemini API for Self-Rewriting Attacks

Nov 6, 2025 8:19 AM

Tags: ai, api, attack, cyber, cybersecurity, google, group, intelligence, malware, threat

Cybersecurity researchers at Google Threat Intelligence Group (GTIG) have identified a significant shift in how threat actors are leveraging artificial intelligence in their operations. The discovery of experimental malware called PROMPTFLUX marks a watershed moment in cyber threats, demonstrating that attackers are no longer using AI merely to boost productivity they are now deploying AI-enabled…
SonicWall Confirms State-Sponsored Hackers Behind September Cloud Backup Breach

Nov 6, 2025 7:19 AM

Tags: access, api, backup, breach, cloud, firewall, hacker, malicious, threat, unauthorized

SonicWall has formally implicated state-sponsored threat actors as behind the September security breach that led to the unauthorized exposure of firewall configuration backup files.”The malicious activity carried out by a state-sponsored threat actor – was isolated to the unauthorized access of cloud backup files from a specific cloud environment using an API call,” the company…
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Nov 5, 2025 5:19 PM

Tags: ai, api, google, intelligence, malware, threat

Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script (VB Script) malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence (AI) model API to write its own source code for improved obfuscation and evasion.”PROMPTFLUX is written in VBScript and interacts with Gemini’s API to request specific VBScript…
How crooks use IT to enable cargo theft

Nov 5, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, awareness, breach, business, control, crime, cyber, cybersecurity, data, detection, email, endpoint, finance, fraud, government, group, incident response, infosec, infrastructure, insurance, Internet, jobs, law, login, mfa, network, password, phishing, privacy, risk, skills, smishing, social-engineering, supply-chain, technology, theft, threat, tool, training, vulnerability

Value of stolen shipments has doubled: It’s hard to determine the size of this IT-related cargo theft problem. The US National Insurance Crime Bureau estimates cargo theft losses from all sources increased 27% last year compared to 2023, to $35 billion.Versik CargoNet, a company that tracks physical supply chain crime for law enforcement agencies, insurance…
How crooks use IT to enable cargo theft

Nov 5, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, awareness, breach, business, control, crime, cyber, cybersecurity, data, detection, email, endpoint, finance, fraud, government, group, incident response, infosec, infrastructure, insurance, Internet, jobs, law, login, mfa, network, password, phishing, privacy, risk, skills, smishing, social-engineering, supply-chain, technology, theft, threat, tool, training, vulnerability

Value of stolen shipments has doubled: It’s hard to determine the size of this IT-related cargo theft problem. The US National Insurance Crime Bureau estimates cargo theft losses from all sources increased 27% last year compared to 2023, to $35 billion.Versik CargoNet, a company that tracks physical supply chain crime for law enforcement agencies, insurance…
SesameOp Backdoor Abused OpenAI Assistants API for Remote Access

Nov 4, 2025 8:19 PM

Tags: access, api, backdoor, data, microsoft, openai, theft

Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication. First seen on hackread.com Jump to article: hackread.com/sesameop-backdoor-openai-assistants-api-access/
SesameOp: New backdoor exploits OpenAI API for covert C2

Nov 4, 2025 7:19 PM

Tags: api, backdoor, control, detection, exploit, incident response, microsoft, openai

Microsoft found a new backdoor, SesameOp, using the OpenAI Assistants API for stealthy command-and-control in hacked systems. Microsoft uncovered a new backdoor, named SesameOp, that abuses the OpenAI Assistants API for command-and-control, allowing covert communication within compromised systems. Microsoft Incident Response Detection and Response Team (DART) researchers discovered the backdoor in July 2025 while […]…
Hackers Hijack OpenAI API in Stealthy New Backdoor Attack

Nov 4, 2025 5:19 PM

Tags: api, attack, backdoor, control, exploit, hacker, openai

Hackers created a stealthy backdoor that exploits OpenAI’s API for covert command-and-control operations. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hackers-hijack-openai-api-in-stealthy-new-backdoor-attack/
SesameOp Backdoor Uses OpenAI API for Covert C2

Nov 4, 2025 4:19 PM

Tags: ai, api, attack, backdoor, malware, openai, service

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/sesameop-backdoor-openai-api-covert-c2
OpenAI Assistants API Exploited in ‘SesameOp’ Backdoor

Nov 4, 2025 4:19 PM

Tags: api, backdoor, communications, control, exploit, openai

Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-assistants-api-sesameop/
Check Point knackt XLoader-Malware mit Generativer KI

Nov 4, 2025 3:19 PM

Tags: ai, api, encryption, malware, windows

Bei der Untersuchung von XLoader stießen die Forscher unter anderem auf eine mehrschichtige RC4-Verschlüsselung, versteckte Windows-API-Aufrufe und neue Mechanismen zur Umgehung von Sandbox-Umgebungen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-knackt-xloader-malware-mit-generativer-ki/a42609/