Tag: api
-
cnspec: Open-source, cloud-native security and policy project
cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/24/cnspec-open-source-cloud-native-security-policy-project/
-
Anwendungen und APIs schützen: Praktische Security-Hebel für Admins
Werbung IT-Umgebungen werden zunehmend heterogen: lokale Dienste, Cloud-Komponenten, Container und APIs greifen ineinander. Für die Administration bedeutet das vor allem eines: mehr Angriffsfläche und Verantwortung. Viele Sicherheitsvorfälle der letzten Jahre zeigen, dass selbst solide konfigurierte Systeme ins Straucheln geraten, wenn … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/24/anwendungen-und-apis-schuetzen-praktische-security-hebel-fuer-admins/
-
ZTE Launches ZXCSec MAF security solution for large model
A multi-layered security framework protecting large-model applications from adversarial threats, data leakage, API abuse, and content risks First seen on theregister.com Jump to article: www.theregister.com/2025/11/21/zte-zxcsec-maf-security-solution/
-
WhatsApp API flaw let researchers scrape 3.5 billion accounts
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-api-flaw-let-researchers-scrape-35-billion-accounts/
-
WhatsApp API flaw let researchers scrape 3.5 billion accounts
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-api-flaw-let-researchers-scrape-35-billion-accounts/
-
SesameOp: Neuartige Backdoor in OpenAI API für CC missbraucht
Sicherheitsforscher von Microsoft sind auf eine neuartige Backdoor in der OpenAI Assistant API gestoßen, und haben diese SesameOp genannt. Diese neuartige Backdoor, die von einem Angreifer verwendet wurde, nutzt die API des OpenAI Assistant, um Befehls- und Kontrollfunktionen für Cyberangriffe … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/22/sesameop-neuartige-backdoor-in-openai-api-fuer-cc-missbraucht/
-
LLM09: Misinformation FireTail Blog
Tags: ai, api, awareness, breach, cybersecurity, data, defense, healthcare, intelligence, LLM, mitigation, risk, training, vulnerabilityNov 21, 2025 – Lina Romero – In 2025, Artificial Intelligence is everywhere, and so are AI vulnerabilities. In fact, according to our research, these vulnerabilities are up across the board. The OWASP Top 10 list of Risks to LLMs can help teams track the biggest challenges facing AI security in our current landscape. Misinformation…
-
WhatsApp API Could Bulk Leak User Telephone Numbers
Researchers Were Able to Query 3.5 Billion Accounts. Security researchers were able to scoop up the telephone numbers of billions of WhatsApp users through an enumeration tool provided by app owner Meta. The sheer quantity of leaked numbers – 3.5 billion in total – would amount to the largest data leak in history. First seen…
-
APIs Are the Retail Engine: How to Secure Them This Black Friday
Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
How to turn threat intel into real security wins
Tags: access, api, attack, automation, awareness, business, ciso, cloud, communications, control, credentials, csf, data, data-breach, detection, dns, edr, email, endpoint, exploit, finance, framework, governance, guide, identity, intelligence, lessons-learned, mail, malware, mitre, nist, phishing, ransomware, resilience, risk, saas, siem, soar, soc, switch, tactics, theft, threat, tool, update, vulnerabilityThe CISO mandate: Risk, efficiency, investment, response: Reduce operational risk and financial loss Intelligence-led detection and response aim to prevent or minimise data loss and business disruption. The downstream effects, smaller blast radii, fewer regulatory headaches and lower recovery bills, are what boards recognise. Maximise staff efficiency Manual validation and correlation drive alert fatigue. Automating…
-
Hidden Comet Browser API Allowed Dangerous Local Command Execution
Tags: apiA hidden MCP API in Comet let extensions execute local commands on user devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/hidden-comet-browser-api-allowed-dangerous-local-command-execution/
-
APIs Are the Retail Engine: How to Secure Them This Black Friday
Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on…
-
Security gap in Perplexity’s Comet browser exposed users to system-level attacks
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/perplexity-comet-browser-security-mcp-api/
-
API-Exploit für AI-Browser Comet entdeckt
Sicherheitsforscher haben einen API-Exploit für den KI-Browser Comet offengelegt.Der Security-Anbieter SquareX hat eine bisher nicht dokumentierte API innerhalb des KI-Browsers Comet offengelegt. Damit können beliebige Befehle über eingebettete Erweiterungen ausgeführt und Anwendungen gestartet werden Funktionen, die von Mainstream-Browsern absichtlich blockiert werden.Die API lässt sich direkt von perplexity.ai auslösen und schafft so einen verdeckten Execution Channel.…
-
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity’s Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control. First seen on hackread.com Jump to article: hackread.com/comet-browser-flaw-hidden-api-commands-devices/
-
Critical Twonky Server Flaws Let Hackers Bypass Login Protection
Tags: api, authentication, control, credentials, cyber, encryption, endpoint, flaw, hacker, leak, login, password, vulnerabilityTwonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to steal administrator credentials and take complete control of the media server. Security researchers at Rapid7 discovered that an attacker can leak encrypted admin passwords through an unprotected API endpoint, then decrypt them using hardcoded encryption keys embedded directly in the…
-
Attack Surface Management ein Kaufratgeber
Tags: ai, api, attack, business, cloud, crowdstrike, cyber, cyberattack, cybersecurity, data, detection, dns, framework, hacker, hacking, HIPAA, incident response, infrastructure, intelligence, Internet, microsoft, monitoring, network, open-source, PCI, penetration-testing, risk, service, soc, software, supply-chain, threat, tool, update, vulnerabilityMit diesen Attack Surface Management Tools sorgen Sie im Idealfall dafür, dass sich Angreifer gar nicht erst verbeißen.Regelmäßige Netzwerk-Scans reichen für eine gehärtete Angriffsfläche nicht mehr aus. Um die Sicherheit von Unternehmensressourcen und Kundendaten zu gewährleisten, ist eine kontinuierliche Überwachung auf neue Ressourcen und Konfigurationsabweichungen erforderlich. Werkzeuge im Bereich Cyber Asset Attack Surface Management (CAASM)…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
WhatsApp flaw allowed discovery of the 3.5 billion mobile numbers registered to the platform
Tags: api, attack, bug-bounty, business, china, cloud, dark-web, data, data-breach, encryption, flaw, government, mobile, phishing, phone, privacy, spam, technology, vulnerability, windowsHey there You are using WhatsApp, marks this as one of the most embarrassing weaknesses yet in the world’s most widely-used communication app.The vulnerability was in WhatsApp’s contact discovery mechanism, the foundation of how this and many similar apps work. When WhatsApp is installed, it asks for permission to match mobile numbers in a user’s…
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local…
-
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users’ devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local…