Tag: api
-
moveIT a series of breaches, all enabled by APIs FireTail Blog
Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
-
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog
Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threatNov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
-
Introducing FireTail: Making API Security as Simple as Import, Setup, Done FireTail Blog
Nov 11, 2025 – – FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December…
-
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog
Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerabilityNov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
-
FireTail Raises $5M to Accelerate API Security, Led by Paladin Capital Group FireTail Blog
Nov 11, 2025 – James Fulton – McLean, Va. Dec. 14, 2022, FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber security executives including SentinelOne VP of…
-
FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 FireTail Blog
Tags: api, attack, best-practice, breach, ceo, cloud, cyber, cybersecurity, data, defense, detection, office, open-source, risk, strategy, vulnerabilityNov 11, 2025 – Jeremy Snyder – On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security – what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and…
-
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog
Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerabilityNov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
-
Introduction to REST API Security FireTail Blog
Tags: access, api, application-security, authentication, best-practice, business, cloud, control, data, data-breach, ddos, detection, encryption, finance, firewall, group, identity, infrastructure, monitoring, network, password, radius, risk, service, technology, threat, tool, update, vulnerabilityNov 11, 2025 – Jeremy Snyder – A common analogy for APIs is that they are LEGO blocks, or more specifically, APIs are the little studs and slots that allow you to attach LEGO pieces to each other and build something bigger than any individual piece. The LEGO pieces in this analogy would be individual…
-
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog
Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threatNov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
-
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog
Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threatNov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
-
Evaluating the Attack Surface of AI Chatbots Deployed in Enterprise Settings
AI chatbots boost enterprise efficiency but expand the attack surface. Learn about vulnerabilities like prompt injection, data leakage, and API exploits, and how to secure them. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/evaluating-the-attack-surface-of-ai-chatbots-deployed-in-enterprise-settings/
-
AI startups leak sensitive credentials on GitHub, exposing models and training data
Tags: ai, api, attack, compliance, credentials, cybersecurity, data, data-breach, framework, github, governance, leak, startup, trainingCompliance and governance: The Wiz findings highlight how exposed API keys can escalate into full-scale compromises across AI ecosystems, according to Sakshi Grover, senior research manager for IDC Asia Pacific Cybersecurity Services. “Stolen credentials can be used to manipulate model behavior or extract training data, undermining trust in deployed systems.”Grover noted that such exposures are…
-
Beyond silos: How DDI-AI integration is redefining cyber resilience
Tags: ai, api, attack, automation, best-practice, breach, business, cctv, cloud, control, corporate, cyber, cybersecurity, data, defense, detection, dns, endpoint, finance, firewall, guide, identity, infrastructure, intelligence, iot, malicious, monitoring, network, penetration-testing, phishing, phone, RedTeam, resilience, risk, service, siem, soar, soc, sql, threat, tool, training, zero-trustDDI as the nervous system of enterprise security: DDI, including DNS, DHCP and IP address management, is the nervous system of the network. It records every connection, every name resolution and every IP allocation, maintaining the only comprehensive, authoritative record of normal network behavior.By itself, DDI data is simply a massive stream of logs. For…
-
Beyond silos: How DDI-AI integration is redefining cyber resilience
Tags: ai, api, attack, automation, best-practice, breach, business, cctv, cloud, control, corporate, cyber, cybersecurity, data, defense, detection, dns, endpoint, finance, firewall, guide, identity, infrastructure, intelligence, iot, malicious, monitoring, network, penetration-testing, phishing, phone, RedTeam, resilience, risk, service, siem, soar, soc, sql, threat, tool, training, zero-trustDDI as the nervous system of enterprise security: DDI, including DNS, DHCP and IP address management, is the nervous system of the network. It records every connection, every name resolution and every IP allocation, maintaining the only comprehensive, authoritative record of normal network behavior.By itself, DDI data is simply a massive stream of logs. For…
-
Cybersecurity Maturity and Why Your API Security is Lagging Behind FireTail Blog
Tags: access, api, attack, awareness, breach, cloud, compliance, control, cybersecurity, data, data-breach, defense, detection, framework, malicious, monitoring, network, nist, risk, threat, vulnerabilityNov 11, 2025 – Jeremy Snyder – Understanding Cybersecurity Maturity Models (CMM) Cybersecurity maturity models offer valuable guidance for organizations seeking to enhance their security posture. While the Cybersecurity Maturity Model Certification (CMMC) version 1.0, originally created by the U.S. Department of Defense (DoD), has been widely adopted, it’s important to note that there are…
-
Your passwordless future may never fully arrive
Tags: access, api, attack, authentication, breach, ceo, ciso, cloud, compliance, credentials, cyber, cybersecurity, group, infrastructure, insurance, mfa, network, passkey, password, risk, service, strategy, technology, vpn, zero-trustAll-in passwordless strategies fall short: Jim Taylor, chief product and strategy officer at RSA, says today’s enterprise environment and existing passwordless approaches make “100% passwordless not possible just yet,” adding that “85% is possible, with the 15% representing the complicated and the very specialized” needs such as “security admins who need to log in to…
-
65% of Top AI Firms Found Exposing Verified API Keys and Tokens on GitHub
A comprehensive security analysis has uncovered a troubling reality: 65% of leading AI companies have leaked verified secrets on GitHub, exposing critical API keys, authentication tokens, and sensitive credentials that could compromise their entire organizations. Researchers examined 50 prominent AI companies from the Forbes AI 50 list and discovered that nearly two-thirds had exposed verified…
-
Your passwordless future may never fully arrive
Tags: access, api, attack, authentication, breach, ceo, ciso, cloud, compliance, credentials, cyber, cybersecurity, group, infrastructure, insurance, mfa, network, passkey, password, risk, service, strategy, technology, vpn, zero-trustAll-in passwordless strategies fall short: Jim Taylor, chief product and strategy officer at RSA, says today’s enterprise environment and existing passwordless approaches make “100% passwordless not possible just yet,” adding that “85% is possible, with the 15% representing the complicated and the very specialized” needs such as “security admins who need to log in to…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
Whisper Leak uses a side channel attack to eavesdrop on encrypted AI conversations
Tags: ai, api, attack, ciso, cloud, cyberattack, data, finance, healthcare, leak, LLM, microsoft, mitigation, network, openai, service, side-channel, vpnInside Microsoft’s proof-of-concept: Researchers at Microsoft simulated a real-world scenario in which the adversary could observe encrypted traffic but not decrypt it. They chose “legality of money laundering” as the target topic for the proof-of-concept.For positive samples, the team used a”¯language model”¯to generate 100 semantically similar variants of questions about this topic. For negative”¯noise”¯samples,”¯it randomly…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Assistants API for command and control Weaponized Military Documents Deliver Advanced SSH-Tor Backdoor to Defense Sector Gootloader Returns: What Goodies Did They Bring? Ransomvibing appears in VS Code extensions…