Tag: api
-
Dohop Uses DataDome to Block Millions of Scrapers Protect 75+ Airline Partners
Tags: apiDohop cut bot traffic by 70% with DataDome, blocking millions of scrapers and protecting 75+ airline partners from API overload and downtime. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/dohop-uses-datadome-to-block-millions-of-scrapers-protect-75-airline-partners/
-
Dohop Uses DataDome to Block Millions of Scrapers Protect 75+ Airline Partners
Tags: apiDohop cut bot traffic by 70% with DataDome, blocking millions of scrapers and protecting 75+ airline partners from API overload and downtime. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/dohop-uses-datadome-to-block-millions-of-scrapers-protect-75-airline-partners/
-
Dohop Uses DataDome to Block Millions of Scrapers Protect 75+ Airline Partners
Tags: apiDohop cut bot traffic by 70% with DataDome, blocking millions of scrapers and protecting 75+ airline partners from API overload and downtime. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/dohop-uses-datadome-to-block-millions-of-scrapers-protect-75-airline-partners/
-
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery
Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
-
Oct Recap: New and Newly Deniable GCP Privileged Permissions
As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s updates span Discovery Engine, Cloud Integrations, and Backup and Disaster Recovery, reflecting how GCP continues……
-
Oct Recap: New and Newly Deniable GCP Privileged Permissions
As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s updates span Discovery Engine, Cloud Integrations, and Backup and Disaster Recovery, reflecting how GCP continues……
-
Oct Recap: New and Newly Deniable GCP Privileged Permissions
As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s updates span Discovery Engine, Cloud Integrations, and Backup and Disaster Recovery, reflecting how GCP continues……
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
New backdoor ‘SesameOp’ abuses OpenAI Assistants API for stealthy C2 operations
Lessons for defenders and platform providers: Microsoft clarified that OpenAI’s platform itself wasn’t breached or exploited; rather, its legitimate API functions were misused as a relay channel, highlighting a growing risk as generative AI becomes part of enterprise and development workflows. Attackers can now co-opt public AI endpoints to mask malicious intent, making detection significantly…
-
Oct Recap: New and Newly Deniable GCP Privileged Permissions
As October 2025 wraps up, Sonrai’s latest analysis of Google Cloud Platform permissions reveals both newly introduced privileged actions and those that have become newly enforceable through the V2 API, meaning organizations can now explicitly deny their use. This month’s updates span Discovery Engine, Cloud Integrations, and Backup and Disaster Recovery, reflecting how GCP continues……
-
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery
Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
-
OpenAI API moonlights as malware HQ in Microsoft’s latest discovery
Redmond uncovers SesameOp, a backdoor hiding its tracks by using OpenAI’s Assistants API as a command channel First seen on theregister.com Jump to article: www.theregister.com/2025/11/04/openai_api_moonlights_as_malware/
-
SesameOp: Using the OpenAI Assistants API for Covert C2 Communication
Microsoft’s Detection and Response Team has exposed a sophisticated backdoor malware that exploits the OpenAI Assistants API as an unconventional command-and-control communication channel. Named SesameOp, this threat demonstrates how adversaries are rapidly adapting to leverage legitimate cloud services for malicious purposes, making detection significantly more challenging for security teams. The discovery highlights the evolving tactics…
-
Microsoft Detects “SesameOp” Backdoor Using OpenAI’s API as a Stealth Command Channel
Microsoft has disclosed details of a novel backdoor dubbed SesameOp that uses OpenAI Assistants Application Programming Interface (API) for command-and-control (C2) communications.”Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised First seen…
-
Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data
A new security issue discovered by researchers reveals that Anthropic’s Claude AI system can be exploited through indirect prompts, allowing attackers to exfiltrate user data via its built”‘in File API. The attack, documented in a detailed technical post on October 28, 2025, demonstrates how Claude’s Code Interpreter and API features could be manipulated to send…
-
Hackers Can Manipulate Claude AI APIs with Indirect Prompts to Steal User Data
A new security issue discovered by researchers reveals that Anthropic’s Claude AI system can be exploited through indirect prompts, allowing attackers to exfiltrate user data via its built”‘in File API. The attack, documented in a detailed technical post on October 28, 2025, demonstrates how Claude’s Code Interpreter and API features could be manipulated to send…
-
SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/
-
SesameOp malware abuses OpenAI Assistants API in attacks
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-sesameop-malware-abuses-openai-assistants-api-in-attacks/
-
Anthropic Claude Unternehmensdaten gefährdet
Tags: ai, api, bug, bug-bounty, cyberattack, data, exploit, google, infrastructure, injection, network, risk, vulnerabilityEin aktueller Report zeigt, wie sich über Anthropic Claude sensible Daten extrahieren lassen.Eine kürzlich bekannt gewordene Schwachstelle im KI-Assistenten Claude von Anthropic könnte von Angreifern ausgenutzt werden, um heimlich Unternehmensdaten zu exfiltrieren. Dabei lassen sich auch Sicherheitskonfigurationen umgehen, die solche Attacken eigentlich verhindern sollen. Wie sich das mithilfe indirekter Prompt-Injection-Techniken und Claudes Code Interpreter bewerkstelligen…
-
Anthropic Claude Unternehmensdaten gefährdet
Tags: ai, api, bug, bug-bounty, cyberattack, data, exploit, google, infrastructure, injection, network, risk, vulnerabilityEin aktueller Report zeigt, wie sich über Anthropic Claude sensible Daten extrahieren lassen.Eine kürzlich bekannt gewordene Schwachstelle im KI-Assistenten Claude von Anthropic könnte von Angreifern ausgenutzt werden, um heimlich Unternehmensdaten zu exfiltrieren. Dabei lassen sich auch Sicherheitskonfigurationen umgehen, die solche Attacken eigentlich verhindern sollen. Wie sich das mithilfe indirekter Prompt-Injection-Techniken und Claudes Code Interpreter bewerkstelligen…
-
Why API Security Is Central to AI Governance
APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Cybersecurity Snapshot: Top Guidance for Improving AI Risk Management, Governance and Readiness
Tags: access, ai, api, attack, awareness, breach, business, ceo, cloud, compliance, computer, control, corporate, crime, cryptography, cyber, cybersecurity, data, data-breach, encryption, exploit, finance, framework, germany, google, governance, guide, hacking, ibm, identity, india, infrastructure, intelligence, jobs, law, leak, metric, microsoft, network, penetration-testing, privacy, risk, risk-management, scam, security-incident, skills, strategy, technology, threat, tool, training, vulnerability, vulnerability-managementMany organizations are playing catch-up in key AI security policy areas, such as usage governance, risk oversight, data protection, and staff training. In this Cybersecurity Snapshot special edition, we round up recent guidance on preparing for, managing and governing AI cyber risks. Key takeaways Most organizations’ AI adoption is dangerously outpacing their security strategies and…
-
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack.Palo Alto Networks Unit 42 said it’s tracking the cluster under the moniker CL-STA-1009, where “CL” stands for cluster and “STA” refers to state-backed motivation.”Airstalk misuses the AirWatch API for mobile…
-
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report [link placeholder] reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from REST to AI-powered APIs. Here’s what stood out this quarter, and what security leaders…
-
Claude AI vulnerability exposes enterprise data through code interpreter exploit
Tags: access, ai, api, attack, control, data, exploit, google, injection, malicious, mitigation, monitoring, network, risk, vulnerabilityBypassing AI safety controls: Rehberger’s report stated that developing a reliable exploit proved challenging due to Claude’s built-in safety mechanisms. The AI initially refused requests containing plaintext API keys, recognizing them as suspicious. However, Rehberger added that mixing malicious code with benign instructions, such as simple print statements, was sufficient to bypass these safeguards.”I tried…
-
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report [link placeholder] reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from REST to AI-powered APIs. Here’s what stood out this quarter, and what security leaders…
-
Claude AI vulnerability exposes enterprise data through code interpreter exploit
Tags: access, ai, api, attack, control, data, exploit, google, injection, malicious, mitigation, monitoring, network, risk, vulnerabilityBypassing AI safety controls: Rehberger’s report stated that developing a reliable exploit proved challenging due to Claude’s built-in safety mechanisms. The AI initially refused requests containing plaintext API keys, recognizing them as suspicious. However, Rehberger added that mixing malicious code with benign instructions, such as simple print statements, was sufficient to bypass these safeguards.”I tried…
-
When APIs Become Attack Paths: What the Q3 2025 ThreatStats Report Tells Us
Wallarm’s latest Q3 2025 API ThreatStats report [link placeholder] reveals that API vulnerabilities, exploits, and breaches are not just increasing; they’re evolving. Malicious actors are shifting from code-level weaknesses to business logic flaws, from web apps to partner integrations, and from REST to AI-powered APIs. Here’s what stood out this quarter, and what security leaders…