Tag: api

Quttera Launches >>Evidence-as-Code<< API to Automate Security Compliance for SOC 2 and PCI DSS v4.0

Nov 27, 2025 4:49 PM

Tags: api, compliance, PCI, soc

Tel Aviv, Israel, 27th November 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/quttera-launches-evidence-as-code-api-to-automate-security-compliance-for-soc-2-and-pci-dss-v4-0/
OpenAI admits data breach after analytics partner hit by phishing attack

Nov 27, 2025 4:49 PM

Tags: access, ai, api, attack, authentication, backdoor, breach, chatgpt, credentials, data, data-breach, email, governance, government, mfa, openai, password, phishing, risk

Name provided to OpenAI on the API account Email address associated with the API accountApproximate location based on API user browser (city, state, country)Operating system and browser used to access the API accountReferring websitesOrganization or User IDs associated with the API account”We proactively communicated with all impacted customers. If you have not heard from us directly,…
OpenAI-Dienstleister gehackt

Nov 27, 2025 4:49 PM

Tags: access, ai, api, chatgpt, cyberattack, mail, openai, password, phishing, social-engineering

Cyberkriminelle sind in das System des Datenanalyseanbieters von OpenAI eingedrungen.Laut einer Mitteilung von OpenAI haben sich Cyberkriminelle Anfang November Zugriff auf die Systeme des Analysedienst Mixpanel verschafft. Demnach wurden dabei Daten von API-Nutzern abgegriffen.Folgende Informationen sind möglicherweise davon betroffen:Name im API-Konto,E-Mail-Adressen, die mit dem API-Konto verknüpft sind,Ungefährer Standort basierend auf dem Browser des API-Nutzers (Stadt,…
OpenAI Reveals Mixpanel Data Breach Exposing User Details

Nov 27, 2025 3:49 PM

Tags: api, breach, cyber, data, data-breach, email, monitoring, openai, security-incident

OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…
OpenAI Reveals Mixpanel Data Breach Exposing User Details

Nov 27, 2025 3:49 PM

Tags: api, breach, cyber, data, data-breach, email, monitoring, openai, security-incident

OpenAI has publicly disclosed a security incident involving a data breach at Mixpanel, a third-party analytics provider previously used by the company for monitoring usage on its API platform. The breach exposed limited but sensitive user information, including names, email addresses, operating system details, and browser metadata. According to OpenAI, the incident originated within Mixpanel’s…
OpenAI-Server über Dienstleister gehackt, API-Daten abgeflossen

Nov 27, 2025 1:49 PM

Tags: ai, api, openai

Der AI-Platzhirsch OpenAI wurde am 9. November 2025 über den Dienstleister Mixpanel gehackt. Wer die API-Dienste von OpenAI genutzt hat, sollte davon ausgehen, dass die Angreifer Name, den Standort, die Benutzer-ID und andere Informationen abgegriffen hat. Das ist gerade von … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/27/openai-server-ueber-dienstleister-gehackt-api-daten-abgeflossen/
OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected

Nov 27, 2025 1:49 PM

Tags: api, breach, chatgpt, data, data-breach, email, openai

OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser… First seen on hackread.com Jump to article: hackread.com/openai-api-mixpanel-data-breach-chatgpt/
OpenAI discloses API customer data breach via Mixpanel vendor hack

Nov 27, 2025 12:49 PM

Tags: api, breach, chatgpt, data, data-breach, openai

OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-discloses-api-customer-data-breach-via-mixpanel-vendor-hack/
OpenAI Warns of Mixpanel Data Breach Impacting API Users

Nov 27, 2025 12:49 PM

Tags: api, breach, data, data-breach, openai

The breach may have exposed OpenAI API customers’ data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openai-warns-mixpanel-data-breach/
CSPM buyer’s guide: How to choose the best cloud security posture management tools

Nov 27, 2025 8:49 AM

Tags: access, ai, api, automation, awareness, best-practice, breach, business, cloud, compliance, container, control, crowdstrike, cybercrime, data, data-breach, defense, detection, exploit, framework, google, governance, group, guide, infrastructure, intelligence, kubernetes, leak, LLM, microsoft, monitoring, network, programming, risk, risk-assessment, saas, service, software, strategy, threat, tool, training, unauthorized, vulnerability

cloud security posture management (CSPM) enterprise buyer’s guide today! ] In this buyer’s guide Cloud security posture management (CSPM) explainedWhat to look for in cloud security posture management (CSPM) toolsLeading vendors for cloud security posture management (CSPM)What to ask your cloud security posture management (CSPM) providerEssential readingThat’s where CSPM tools can help. These tools continuously…
Developers Are Exposing Passwords and API Keys Through Online Code Tools

Nov 26, 2025 12:49 PM

Tags: api, credentials, cyber, leak, password, tool

Security researchers at watchTowr Labs uncovered a massive leak of sensitive credentials after scanning popular online JSON formatting tools. Developers and administrators have been pasting passwords, API keys, database credentials, and personally identifiable information (PII) into sites like jsonformatter.org and codebeautify.org, where >>save>Recent Links
Developers left large cache of credentials exposed on code generation websites

Nov 25, 2025 11:49 PM

Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day

/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
Developers left large cache of credentials exposed on code generation websites

Nov 25, 2025 11:49 PM

Tags: ai, api, authentication, banking, credentials, cyber, data, data-breach, email, endpoint, fortinet, government, healthcare, infrastructure, leak, mssp, service, vulnerability, waf, zero-day

/service/getDataFromID API endpoint, watchTowr was able to extract the content behind each link from 80,000+ downloaded submissions, five years of historical JSON Formatter content, one year of historical Code Beautify content, 5GB+ of enriched data, annotated JSON data, plus thousands of secrets. These included:Active Directory credentialsCode repository authentication keysDatabase credentialsLDAP configuration informationCloud environment keysFTP credentialsCI/CD…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Cobalt Strike 4.12 Adds New Injection, UAC Bypasses C2 Features

Nov 25, 2025 7:49 PM

Tags: api, control, cyber, injection, RedTeam, update

Fortra has officially released Cobalt Strike 4.12, introducing a comprehensive suite of new features designed to enhance red team operations and offensive security research. The update delivers a modernized GUI, a groundbreaking REST API, User Defined Command and Control (UDC2), advanced process injection techniques, new UAC bypasses, and enhanced evasion capabilities via drip-loading Malleable C2 options.…
Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

Nov 25, 2025 6:49 PM

Tags: access, ai, api, attack, ciso, cloud, control, data, data-breach, finance, gartner, infrastructure, injection, Internet, LLM, risk, service, technology, tool, update

The conversation about AI security has shifted. For the past year, the focus has been on the model itself: poisoning data, prompt injection, and protecting intellectual property. These are critical concerns, but they miss the bigger picture of how AI is actually being operationalized in the enterprise. We are entering the era of Agentic AI.…
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

Nov 25, 2025 6:49 PM

Tags: api, credentials, government, infrastructure, leak, password, tool

New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBeautify that are used to format and validate code.Cybersecurity company watchTowr Labs said it captured a dataset of over 80,000 files on these sites, uncovering thousands of First…
Popular code formatting sites are exposing credentials and other secrets

Nov 25, 2025 5:49 PM

Tags: api, credentials

Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/25/code-formatting-sites-exposing-secrets/
Would Your Business Survive a Black Friday Cyberattack?

Nov 25, 2025 4:49 PM

Tags: access, ai, api, application-security, attack, authentication, automation, backup, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, defense, encryption, exploit, finance, fraud, identity, infection, infrastructure, intelligence, Internet, login, malicious, mfa, monitoring, password, phishing, ransomware, resilience, risk, soar, software, strategy, threat, training, unauthorized

Would Your Business Survive a Black Friday Cyberattack? madhav Tue, 11/25/2025 – 13:54 Black Friday and Cyber Monday can make or break the year for retailers. Sales soar, carts fill, and data pours in. However, the same things that drive growth for retailers also draw in malefactors. For them, it’s open season. Cyber War Cloud…
Would Your Business Survive a Black Friday Cyberattack?

Nov 25, 2025 4:49 PM

Tags: access, ai, api, application-security, attack, authentication, automation, backup, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybercrime, cybersecurity, data, ddos, defense, encryption, exploit, finance, fraud, identity, infection, infrastructure, intelligence, Internet, login, malicious, mfa, monitoring, password, phishing, ransomware, resilience, risk, soar, software, strategy, threat, training, unauthorized

Would Your Business Survive a Black Friday Cyberattack? madhav Tue, 11/25/2025 – 13:54 Black Friday and Cyber Monday can make or break the year for retailers. Sales soar, carts fill, and data pours in. However, the same things that drive growth for retailers also draw in malefactors. For them, it’s open season. Cyber War Cloud…
From User Identity to Payroll Accuracy: Automating Local Tax Compliance with SaaS Tools

Nov 24, 2025 7:49 PM

Tags: api, compliance, data, identity, saas, tool

Learn how SaaS platforms can automate local payroll tax compliance using identity data, real-time tax APIs, geolocation, and secure workflows for accuracy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/from-user-identity-to-payroll-accuracy-automating-local-tax-compliance-with-saas-tools/
From User Identity to Payroll Accuracy: Automating Local Tax Compliance with SaaS Tools

Nov 24, 2025 7:49 PM

Tags: api, compliance, data, identity, saas, tool

Learn how SaaS platforms can automate local payroll tax compliance using identity data, real-time tax APIs, geolocation, and secure workflows for accuracy. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/from-user-identity-to-payroll-accuracy-automating-local-tax-compliance-with-saas-tools/
What keeps CISOs awake at night, and why Zurich might hold the cure

Nov 24, 2025 4:49 PM

Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-day

A safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
What keeps CISOs awake at night, and why Zurich might hold the cure

Nov 24, 2025 4:49 PM

Tags: access, ai, api, attack, breach, ciso, conference, control, cve, cyber, cybersecurity, deep-fake, detection, endpoint, exploit, finance, firmware, framework, group, incident response, injection, LLM, malware, mandiant, microsoft, mitre, network, phishing, phone, ransomware, resilience, risk, soc, strategy, supply-chain, threat, tool, training, update, zero-day

A safe space in the Alps: Over two days at Zurich’s stunning Dolder Grand, hosted by the Swiss Cyber Institute, I witnessed something I’ve seldom seen at cybersecurity events: real vulnerability. In a closed, attribution-free environment, leaders shared not just strategies, but doubts. And that made this event stand out, not as another conference, but…
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads

Nov 24, 2025 12:49 PM

Tags: api, cve, cvss, cyber, flaw, malicious, remote-code-execution, vulnerability

A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads

Nov 24, 2025 12:49 PM

Tags: api, cve, cvss, cyber, flaw, malicious, remote-code-execution, vulnerability

A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads

Nov 24, 2025 12:49 PM

Tags: api, cve, cvss, cyber, flaw, malicious, remote-code-execution, vulnerability

A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…