Tag: api

Getarnte Krypto-Miner kapern Docker-Container

May 23, 2025 5:54 AM

Tags: api, container, crypto, docker, malware, vulnerability

Eine neue, raffiniert angelegte Cyberkampagne nutzt Schwachstellen in öffentlich erreichbaren Docker-APIs aus. Ziel ist es, Container-Umgebungen mit Krypto-Mining-Malware zu infizieren und das mit hohem Automatisierungsgrad. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/krypto-miner-docker
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine

May 23, 2025 5:54 AM

Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerability

Credential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
Cybercriminals Using Trusted Google Domains to Spread Malicious Code

May 22, 2025 5:54 PM

Tags: api, cyber, cybercrime, exploit, google, malicious, malware, phishing

A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps without the knowledge of site owners or advertisers. Cybercriminals are exploiting integrations with Google APIs, specifically through JSONP (JSON with Padding) calls, to inject malicious scripts into legitimate online stores. These scripts operate covertly, redirecting unsuspecting shoppers to fraudulent payment pages…
Attackers Abuse TikTok and Instagram APIs

May 22, 2025 4:55 PM

Tags: api, exploit, LLM, malicious, tool

It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python…
Prompt injection flaws in GitLab Duo highlights risks in AI assistants

May 22, 2025 12:55 PM

Tags: access, ai, api, control, flaw, gitlab, injection, leak, LLM, malicious, risk, unauthorized

AI prompt injection leads to HTML injection: Duo sends responses to users in a chatbot HTML-based interface that uses the Markdown language to format text. The researchers observed that its answers were rendered progressively as they streamed in from the backend LLM and that gave them the idea that if they managed to inject HTML…
Securing Open Banking: How Fintechs Can Defend Against Automated Fraud API Abuse

May 22, 2025 12:54 AM

Tags: api, banking, credentials, fintech, fraud, threat

Open Banking is accelerating innovation, and fraud”, with API abuse, credential stuffing, and fake account creation now among the top threats fintechs must defend against in real time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/securing-open-banking-how-fintechs-can-defend-against-automated-fraud-api-abuse/
Threat Actor Selling 1.2 Billion Facebook Records, But Details Don’t Add Up

May 21, 2025 11:54 PM

Tags: api, data, identity, threat

Threat actor ‘ByteBreaker’ claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts. First seen on hackread.com Jump to article: hackread.com/threat-actor-selling-1-2-billion-facebook-records/
TikTok, Instagram APIs exploited by PyPI packages for account validation

May 21, 2025 10:54 PM

Tags: api, exploit, pypi

First seen on scworld.com Jump to article: www.scworld.com/brief/tiktok-instagram-apis-exploited-by-pypi-packages-for-account-validation
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

May 21, 2025 7:54 PM

Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malware

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
Ransomware-Bande BlackBasta hat neuen Malware-Favoriten

May 21, 2025 3:55 PM

Tags: api, dns, encryption, malware, powershell, ransomware, rust, tool

Modularität für verschiedene Zwecke: Die Malware Skitnet verfügt über separate Plug-ins umAnmeldeinformationen zu sammeln,Berechtigungen auszuweiten,sich im Netzwerk lateral zu bewegen undRansomware bereitzustellen.Sie nutzt die Programmiersprachen Rust und Nim, um eine verdeckte Reverse Shell über das DNS-Protokoll zu realisieren. Dadurch ist eine unauffällige C2-Kommunikation möglich.Zusätzlich verwendet Skitnet Verschlüsselung, manuelles Mapping und dynamische API-Auflösung, um nicht entdeckt…
Hacker-Attacke auf Kosten von Kling-AI Gefälschte Facebook-Auftritte verbreiten Remote-Access-Trojaner

May 21, 2025 3:55 PM

Tags: access, ai, api, hacker, software, tool

Sicherheitsforscher von Check Point Software Technologies deckten Anfang 2025 einen großangelegten Datenklau auf. Das weltweit erste breit nutzbare DiT-Video-Generation-Tool Kling-AI verzeichnet seit April 2025 rund 22 Millionen Nutzer global und über 15 000 Entwickler sowie Geschäftskunden, die bereits die Kling-API in verschiedene Unternehmensbereiche eingebunden haben. Check Point stieß auf gefälschte Facebook-Werbung und -Auftritte für das…
Trust becomes an attack vector in the new campaign using trojanized KeePass

May 21, 2025 2:54 PM

Tags: access, api, attack, authentication, backup, breach, ceo, control, credentials, defense, edr, identity, open-source, password, ransomware, risk, service, software, veeam, vmware, zero-trust

Identity is the new perimeter: Once KeeLoader stole vault credentials-often including domain admin, vSphere, and backup service accountattackers moved fast. Using SSH, RDP, and SMB protocols, they quietly seized control of jump servers, escalated privileges, disabled multifactor authentication, and pushed ransomware payloads directly to VMware ESXi hypervisors.Jason Soroko of Sectigo called it a “textbook identity…
Salt Security deepens API integration with Wiz

May 20, 2025 10:54 PM

Tags: api

First seen on scworld.com Jump to article: www.scworld.com/brief/salt-security-deepens-api-integration-with-wiz
Scripting Outside the Box: API Client Security Risks (2/2)

May 20, 2025 5:54 PM

Tags: api, risk

Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/scripting-outside-the-box-api-client-security-risks-2-2/
Schädliche PyPI-Pakete missbrauchen Instagram- und TikTok-APIs

May 20, 2025 4:54 PM

Tags: api, cybersecurity, mail, pypi, tool

Cybersecurity-Forscher haben mehrere bösartige Python-Pakete entdeckt, die gezielt auf gestohlene E-Mail-Adressen angesetzt wurden. Die Tools nutzten offizielle Programmierschnittstellen (APIs) von TikTok und Instagram, um zu prüfen, ob bestimmte E-Mail-Adressen mit Nutzerkonten verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/pypi-instagram-tiktok-apis
8 KI-Sicherheitsrisiken, die Unternehmen übersehen

May 20, 2025 4:54 PM

Tags: access, ai, api, application-security, authentication, cisco, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, framework, governance, hacker, injection, LLM, RedTeam, risk, risk-management, security-incident, software, threat, tool, vulnerability

In ihrem Wettlauf um Produktivitätssteigerungen durch generative KI übersehen die meisten Unternehmen die damit verbundenen Sicherheitsrisiken.Laut einer Studie des Weltwirtschaftsforums, die in Zusammenarbeit mit Accenture durchgeführt wurde, versäumen es 63 Prozent der Unternehmen, die Sicherheit von KI-Tools vor deren Einsatz zu überprüfen. Dadurch gehen sie eine Reihe von Risiken für ihr Unternehmen ein.Dies gilt sowohl…
Hackers Abuse TikTok and Instagram APIs to Verify Stolen Account Credentials

May 20, 2025 4:54 PM

Tags: api, breach, credentials, cyber, cybercrime, email, exploit, hacker, malicious, tool

Cybercriminals are leveraging the Python Package Index (PyPI) to distribute malicious tools designed to exploit TikTok and Instagram APIs for verifying stolen account credentials. Security researchers at Socket have identified three such packages checker-SaGaF, steinlurks, and sinnercore that automate the process of validating emails and usernames against social media platforms. Released between April 2023 and…
Skitnet malware: The new ransomware favorite

May 20, 2025 2:54 PM

Tags: access, api, awareness, cybersecurity, data, detection, dns, encryption, malware, phishing, powershell, programming, ransomware, risk, rust, tool, training

Malware employs advanced obfuscation: According to a Prodaft description, Skitnet uses Rust and Nim programming languages to execute a stealthy reverse shell over DNS, which is a method of covert C2 Communication using the DNS protocol instead of HTTP or other typical channels.Additionally, the malware leverages encryption, manual mapping, and dynamic API resolution to evade…
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time

May 20, 2025 11:54 AM

Tags: api, backdoor, cyber, data, malicious, threat

Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds a insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string a common format for Git commit hashes, truncated JWT tokens, API keys, or device IDs. Upon…
Forscher deckt auf: Vertrauliche Daten von VW-Besitzern waren frei abrufbar

May 20, 2025 11:54 AM

Tags: api

Ein Forscher hat gravierende Sicherheitsmängel in der Volkswagen-App und der zugehörigen API aufgedeckt. Daten fremder Autos konnten leicht erbeutet werden. First seen on golem.de Jump to article: www.golem.de/news/forscher-deckt-auf-vertrauliche-daten-von-vw-besitzern-waren-frei-abrufbar-2505-196363.html
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts

May 20, 2025 9:54 AM

Tags: api, breach, cybersecurity, email, exploit, malicious, pypi, tool

Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.All three packages are no longer available on PyPI. The names of the Python packages are below -checker-SaGaF (2,605 downloads)steinlurks (1,049 downloads)sinnercore (3,300 downloads) First seen on…
BSidesLV24 GroundFloor Prepare For The Apocalypse Exposing Shadow And Zombie APIs

May 19, 2025 5:54 PM

Tags: api, conference

Author/Presenter: Amit Srour Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/bsideslv24-groundfloor-prepare-for-the-apocalypse-exposing-shadow-and-zombie-apis/
A spoof antivirus makes Windows Defender disable security scans

May 19, 2025 2:54 PM

Tags: antivirus, api, detection, malicious, microsoft, tool, windows

Persistent API-level spoofing: While WSC is typically guarded by mechanisms like Protected Process Light (PPL) and signature validation, Defendnot sidesteps these barriers by injecting its code into Taskmgr.exea system-signed, trusted process. From there, it registers the ghost antivirus entry under a spoofed name.Additionally, to ensure it sticks around, defendnot sets up persistence via Windows Task…
Boomi fügt sicheren Managed-File-Transfer seiner cloudnativen Plattform hinzu

May 19, 2025 2:54 PM

Tags: api

Boomi gab eine endgültige Vereinbarung zur Übernahme von Thru, Inc. bekannt, einem Anbieter von Managed-File-Transfer-Lösungen für Unternehmen und zuverlässigen Boomi-Partner. Die Übernahme stellt eine strategische Erweiterung der dateibasierten Integrationsfähigkeiten von Boomi dar, und zwar innerhalb einer einzigen, cloudnativen Plattform, die nahtlos Datenbewegungen über APIs, Anwendungen und Dateien hinweg verwaltet. ‘Da Unternehmen zunehmend eine hybride Mischung…
8 security risks overlooked in the rush to implement AI

May 19, 2025 10:54 AM

Tags: access, ai, api, application-security, attack, authentication, business, ciso, compliance, control, cyber, data, data-breach, exploit, flaw, framework, governance, hacker, injection, leak, LLM, malicious, monitoring, network, privacy, RedTeam, regulation, risk, risk-assessment, risk-management, software, strategy, threat, tool, training, unauthorized, vulnerability

Data exposure AI systems often process large volumes of sensitive information, and without robust testing, organizations may overlook how easily this data can be leaked, either through unsecured storage, overly generous API responses, or poor access controls.”Many AI systems ingest user data during inference or store context for session persistence,” says Dr. Peter Garraghan, chief…
8com GmbH & Co. KG setzt auf Darknet-Datenbank von DarkOwl für die aktive Suche nach Datenlecks

May 19, 2025 7:54 AM

Tags: api, dark-web, data-breach

Durch den Einsatz von Vision UI und Search API von DarkOwl, eines weltweit führenden Anbieters für die Sammlung und Analyse von Darknet-Daten, kann das Security Operations Center von 8com nun auch gezielt nach kompromittierten Daten suchen, um Datenlecks frühzeitig zu identifizieren und Maßnahmen zur Gefahrenabwehr einzuleiten. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/8com-gmbh-co-kg-setzt-auf-darknet-datenbank-von-darkowl—fur-die-aktive-suche-nach-datenlecks
Hanko: Open-source authentication and user management

May 19, 2025 6:54 AM

Tags: api, authentication, open-source

Hanko is an open-source, API-first authentication solution purpose-built for the passwordless era. >>We focus on helping developers and organizations modernize their … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/19/hanko-open-source-authentication-user-management/
Cyberangriff auf eine Hafenbehörde in Mexiko

May 18, 2025 10:54 AM

Tags: api, cyberattack

Ataque cibernético a API-BCS no generó pérdidas económicas First seen on tribunademexico.com Jump to article: tribunademexico.com/ataque-cibernetico-a-api-bcs/
Salt Security Partners With Wiz, Combines Cloud and API Security

May 16, 2025 9:54 PM

Tags: api, cloud, risk

API security orgnanisation Salt Security has announced its expanded partnership and new integration with Wiz, the leader in cloud security. The integration between Salt Security and Wiz enables organisations to detect, comprehend, and respond to both API security posture gaps and critical risks directly within their cloud security infrastructure. The complexity and size of modern…
Salt Security and Wiz Integrate API and Cloud Security for Unified Risk Management

May 15, 2025 10:54 PM

Tags: api, cloud, risk, risk-management

First seen on scworld.com Jump to article: www.scworld.com/news/salt-security-and-wiz-integrate-api-and-cloud-security-for-unified-risk-management