Tag: api
-
Harvester APT Expands Spying Operations with New GoGra Linux Malware
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control. First seen on hackread.com Jump to article: hackread.com/harvester-apt-spying-new-gogra-linux-malware/
-
No Off Season: Three Supply Chain Campaigns Hit npm, PyPI, and Docker Hub in 48 Hours
Three supply chain attacks hit npm, PyPI, and Docker Hub between April 21-23, 2026. All three targeted secrets: API keys, cloud credentials, SSH keys, and tokens from developer environments and CI/CD pipelines. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/no-off-season-three-supply-chain-campaigns-hit-npm-pypi-and-docker-hub-in-48-hours/
-
Google brings instant email verification to Android, no OTP needed
Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/android-verified-email-credentials-feature/
-
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to deliver malicious payloads stealthily. The malware is linked to the Harvester cyberespionage group, which is…
-
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Introduction: On March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon agent, ultimately leading to the download and abuse of Visual Studio (VS) Code tunnels for…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerability
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
Microsoft issues outband patch for critical security flaw in update to ASP.NET Core
UseCustomCryptographicAlgorithms API. A bug in the .NET 10.0.6 package, released as part of the Patch Tuesday updates on April 14, causes the ManagedAuthenticatedEncryptor library to compute the validation tag for the Hash-based Message Authentication Code (HMAC) using an incorrect offset. Incorrect calculation of security hashes results in the .AspNetCore application cookies and tokens being validated and trusted…
-
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypass traditional perimeter network defenses,” the Symantec…
-
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…
-
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents. The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys…
-
Microsoft traces Universal Print issues to Graph API code change
Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-graph-api-code-change-causes-universal-print-share-issues/
-
New GoGra malware for Linux uses Microsoft Graph API for comms
A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-gogra-malware-for-linux-uses-microsoft-graph-api-for-comms/
-
Vercel Breach: How a Roblox Cheat Download Led to a $2M Data Heist Through AI Tool OAuth Abuse
Vercel breached after attacker compromised Context.ai, hijacked an employee’s Google Workspace via OAuth, and accessed customer API keys and environment variables. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/vercel-breach-how-a-roblox-cheat-download-led-to-a-2m-data-heist-through-ai-tool-oauth-abuse/
-
Why API Discovery Is the First Step to Securing AI
TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked. That’s your real exposure. Shadow API discovery gives you visibility into those hidden endpoints, so you can find them before…
-
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
Tags: access, ai, api, automation, cloud, credentials, cybersecurity, data, data-breach, endpoint, finance, flaw, identity, infrastructure, microsoft, saas, service, tool
Watching a privileged operator think out loud: The category of flaw should not be compared too closely to a conventional API bug, said Alexander Hagenah, cybersecurity researcher and executive director at Zurich-based financial infrastructure operator SIX Group. “A normal API issue is usually bound by a specific endpoint, dataset, or permission check. With an AI operations…
-
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the platform before November 2025. According to a detailed public disclosure by security researcher…
-
Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand
Vercel confirms a security incident after a threat actor claims internal access and demands a $2M ransom, raising concerns about API keys, CI/CD pipelines, and cloud security. The post Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-vercel-security-incident-ransom-claims/
-
How Hackers Hijack AI Agents from Google and Anthropic via GitHub Comments
A security researcher has uncovered a new form of prompt injection that leaves popular AI tools such as Claude Code, Gemini CLI and GitHub Copilot vulnerable. Using crafted comments and PR titles, hackers can execute malicious code and extract sensitive API keys. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/github-kommentare-ki
-
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, and OAuth grants. When projects end or employees leave,…
-
Top XBOW Alternatives in 2026
Escape is the best XBOW alternative for continuous AI pentesting across APIs, web apps, and complex authentication, with regression testing, developer-ready remediation, and platform pricing suited for rapidly scaling orgs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/top-xbow-alternatives-in-2026/
-
The Shadow AI Trap: Why Your AI Inventory is Your Biggest EU AI Act Compliance Risk FireTail Blog
Tags: access, ai, api, automation, ciso, cloud, compliance, computing, control, data, governance, grc, infrastructure, LLM, monitoring, risk, risk-management, saas, service, software, tool
Apr 16, 2026 – Alan Fagan – The EU AI Act cares about evidence, not intent. When National Competent Authorities begin enforcement on August 2, 2026, they will ask organisations what AI systems they operate, how those systems are being used, and what controls are in place. Many organisations will struggle to answer these questions. The Shadow…

