Tag: api

Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Sep 9, 2025 3:09 PM

Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability

Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads

Sep 9, 2025 3:09 PM

Tags: api, attack, blockchain, breach, crypto, data, detection, email, finance, github, malicious, malware, monitoring, network, open-source, phishing, risk, strategy, supply-chain, theft, tool, update, vulnerability

Financial impact surprisingly limited: Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. “We were tracking approximately $970 in stolen funds to attacker-controlled wallets,” Eriksen said, highlighting a significant disconnect between the attack’s potential reach and its realized damage.This limited financial impact reflected both the attackers’ operational carelessness and…
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

Sep 9, 2025 3:09 PM

Tags: api, botnet, data-breach, docker, malware, tool

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

Sep 9, 2025 3:09 PM

Tags: api, botnet, data-breach, docker, malware, tool

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs

Sep 9, 2025 3:09 PM

Tags: api, botnet, data-breach, docker, malware, tool

Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. First seen on hackread.com Jump to article: hackread.com/new-docker-malware-blocking-rivals-exposed-apis/
SessionReaper Vulnerability Puts Magento Adobe Commerce Sites in Hacker Crosshairs

Sep 9, 2025 2:08 PM

Tags: adobe, api, cve, cyber, data, hacker, open-source, theft, update, vulnerability

Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data theft, and fraudulent orders without requiring valid session tokens. Adobe will release an emergency fix…
SessionReaper Vulnerability Puts Magento Adobe Commerce Sites in Hacker Crosshairs

Sep 9, 2025 2:08 PM

Tags: adobe, api, cve, cyber, data, hacker, open-source, theft, update, vulnerability

Adobe has broken its regular patch schedule to address CVE-2025-54236, a critical vulnerability in Magento Commerce and open-source Magento installations. Dubbed “SessionReaper,” this vulnerability allows attackers to bypass input validation in the Magento Web API, enabling automated account takeover, data theft, and fraudulent orders without requiring valid session tokens. Adobe will release an emergency fix…
TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Sep 9, 2025 1:08 PM

Tags: api, attack, cybersecurity, data-breach, docker, network

Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs.Akamai, which discovered the latest activity last month, said it’s designed to block other actors from accessing the Docker API from the internet.The findings build on a prior report from Trend Micro in…
New Malware Exploits Exposed Docker APIs to Gain Persistent Root SSH Access

Sep 9, 2025 11:08 AM

Tags: access, api, cyber, data-breach, docker, exploit, infection, infrastructure, malware

The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micro report by blocking other attackers from accessing the Docker API and delivering a modular payload rather than…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
APT37 Targets Windows with Rust Backdoor and Python Loader

Sep 8, 2025 5:08 PM

Tags: api, attack, backdoor, cctv, cloud, computer, control, data, detection, exploit, government, group, infection, injection, jobs, korea, malicious, malware, microsoft, monitoring, north-korea, organized, password, phishing, powershell, programming, rust, service, social-engineering, spear-phishing, startup, tactics, theft, threat, tool, update, vulnerability, windows

IntroductionAPT37 (also known as ScarCruft, Ruby Sleet, and Velvet Chollima) is a North Korean-aligned threat actor active since at least 2012. APT37 primarily targets South Korean individuals connected to the North Korean regime or involved in human rights activism, leveraging custom malware and adopting emerging technologies.In recent campaigns, APT37 utilizes a single command-and-control (C2) server…
Argo CD Security Flaw Rated 9.8 Leaves GitOps Repositories Exposed

Sep 8, 2025 11:08 AM

Tags: api, cloud, credentials, cve, cvss, data-breach, flaw, kubernetes, open-source, password, tool, vulnerability

A security flaw in Argo CD, the popular open-source GitOps tool for Kubernetes, has been targeted at the DevOps and cloud-native communities. Tracked as CVE-2025-55190, the vulnerability has been rated critical with a CVSS score of 9.8 out of 10, as it allows attackers to retrieve sensitive repository credentials, including usernames and passwords, through a…
Critical Argo CD API Flaw Exposes Repository Credentials to Attackers

Sep 8, 2025 8:08 AM

Tags: api, credentials, cvss, cyber, flaw, kubernetes, open-source, password, tool, vulnerability

A major security flaw has been discovered in Argo CD, a popular open-source tool used for Kubernetes GitOps deployments. The vulnerability allows project-level API tokens to expose sensitive repository credentials, such as usernames and passwords, to attackers. The issue has been classified as critical with a CVSS score of 9.8/10 and is tracked asCVE-2025-55190. The…
MeetC2 A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Sep 6, 2025 12:20 PM

Tags: api, blueteam, cloud, control, detection, framework, google, tactics, tool

MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response. Background:Modern adversaries increasingly hide command-and-control (C2) traffic inside cloud services. We built this proof of concept (PoC) to study and demonstrate those techniques in a controlled way, emulating those tactics so red and blue teams…
Max severity Argo CD API flaw leaks repository credentials

Sep 5, 2025 6:20 PM

Tags: access, api, credentials, endpoint, flaw, leak, vulnerability

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-argo-cd-api-flaw-leaks-repository-credentials/
10 Best Attack Surface Management (ASM) Companies in 2025

Sep 5, 2025 2:20 PM

Tags: api, attack, cloud, cyber, cybersecurity, Internet, vulnerability

Attack Surface Management (ASM) is a proactive cybersecurity discipline that helps organizations identify, analyze, and remediate all of their internet-facing assets and potential vulnerabilities. It goes beyond traditional vulnerability scanning to find and continuously monitor unknown or unmanaged assets, such as rogue cloud instances, misconfigured APIs, and shadow IT, that attackers use as entry points.…
Hackers Exploit Google Calendar API with Serverless MeetC2 Framework

Sep 5, 2025 10:20 AM

Tags: api, blueteam, cloud, communications, control, cyber, detection, exploit, framework, google, hacker, malicious, PurpleTeam, saas

A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamlessly blend C2 communications into everyday SaaS usage, presenting fresh detection, telemetry, and response challenges for red and blue teams alike. In a recent internal purple-team…
Datenpanne bei Palo Alto Networks, Zscaler und Cloudflare

Sep 4, 2025 5:20 PM

Tags: access, ai, api, ciso, cyber, cyberattack, data-breach, endpoint, framework, group, mail, network, phishing, risk, saas, smishing, social-engineering, software, strategy, supply-chain, tool, zero-trust

Auch IT-Unternehmen, selbst im Bereich Cyber-Security sind nicht vor erfolgreichen Cyber-Attacken gefeit.Palo Alto Networks, ZScaler und Cloudflare haben bekannt gegeben, dass sie von einem Cyberangriff über Salesloft Drift getroffen wurden. Hierbei handelt es sich um eine Drittanbieteranwendung, die Vertriebsabläufe automatisiert. Sie ist in Salesforce-Datenbanken integriert ist, um Leads und Kontaktinformationen zu verwalten. Im Statement von…
Datenpanne bei Palo Alto Networks, Zscaler und Cloudflare

Sep 4, 2025 5:20 PM

Tags: access, ai, api, ciso, cyber, cyberattack, data-breach, endpoint, framework, group, mail, network, phishing, risk, saas, smishing, social-engineering, software, strategy, supply-chain, tool, zero-trust

Auch IT-Unternehmen, selbst im Bereich Cyber-Security sind nicht vor erfolgreichen Cyber-Attacken gefeit.Palo Alto Networks, ZScaler und Cloudflare haben bekannt gegeben, dass sie von einem Cyberangriff über Salesloft Drift getroffen wurden. Hierbei handelt es sich um eine Drittanbieteranwendung, die Vertriebsabläufe automatisiert. Sie ist in Salesforce-Datenbanken integriert ist, um Leads und Kontaktinformationen zu verwalten. Im Statement von…
SHARED INTEL QA: Inside the mind of a hacker, shadowing adversaries across API pathways

Sep 4, 2025 4:20 PM

Tags: api, business, ciso, hacker, network

In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it. Related: The hidden cost of API security laspses For Jamison Utter, Field CISO at A10 Networks, this moment marks… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/shared-intel-qa-inside-the-mind-of-a-hacker-shadowing-adversaries-across-api-pathways/
Reflecting on Wallarm’s Journey: Growth, Resilience, and What Comes Next

Sep 4, 2025 1:19 PM

Tags: ai, api, detection, resilience

By Ivan Novikov and Stepan Ilyin When we started Wallarm, we focused on the APIs that power modern apps. We built an API-first platform, used AI from day one, and secured early patents in behavior-based detection and automated policy creation. The result: real-time, inline blocking with automatic API discovery that protects production, not just dashboards.…
The Full Lifecycle Imperative: Why >>Shift Left<>Shift Right<<

Sep 3, 2025 8:20 PM

Tags: access, ai, api, attack, authentication, automation, business, cloud, compliance, data, detection, framework, governance, HIPAA, mitre, nist, PCI, risk, siem, strategy, threat, tool, vulnerability, waf

In this series, we examined the vital connection between AI and APIs, highlighting what makes a leader in the API security market through the 2025 KuppingerCole Leadership Compass. Now, we turn to the core strategy of true API security: the full-lifecycle approach, where security is a continuous, integrated process rather than a single action. The…
Empire Red Teaming Tool Updated With Enhanced Agents and API Support

Sep 3, 2025 1:19 PM

Tags: api, cyber, exploit, framework, RedTeam, tool, update

The BC-SECURITY team has released a major update to its flagship offensive security framework,Empire, introducing enhanced agent capabilities and comprehensive API support designed to streamline post-exploitation operations and adversary emulation for Red Teams and penetration testers worldwide. Enhanced Features Drive Advanced Operations Empire’s latest iteration showcases aserver/client architectureengineered for multiplayer support, enabling distributed teams to…
Stealthy Python Malware Uses Discord to Steal Windows Data

Sep 3, 2025 8:20 AM

Tags: api, cyber, data, malware, windows

Inf0s3c Stealer, a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to enumerate processes, navigate directories, manipulate memory, and manage security settings. Once executed, it methodically collects…
Stealthy Python Malware Uses Discord to Steal Windows Data

Sep 3, 2025 8:20 AM

Tags: api, cyber, data, malware, windows

Inf0s3c Stealer, a stealthy Python-based grabber built to harvest system information and user data from Windows hosts. Packed as a 64-bit PE file compressed with UPX and bundled via PyInstaller, the executable imports a suite of Windows API functions to enumerate processes, navigate directories, manipulate memory, and manage security settings. Once executed, it methodically collects…
Palo Alto Networks, Zscaler, Cloudflare hit by the latest data breach

Sep 3, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, breach, business, ciso, credentials, cybersecurity, data, data-breach, email, endpoint, group, identity, incident response, jobs, login, monitoring, network, password, phishing, phone, risk, saas, scam, service, social-engineering, software, strategy, supply-chain, theft, threat, tool, zero-trust

CSO, in response to a request for clarification. “In the case of Zscaler and Palo Alto, because they sell solutions in the SASE space, their compromise can be particularly problematic since this may end up unfolding into a third-party or even fourth-party compromise,” said Flavio Villanustre, SVP and CISO for LexisNexis Risk Solutions. “Keep in mind…
Top 10 Best API Penetration Companies In 2025

Sep 3, 2025 12:20 AM

Tags: api, business, cyber, cybersecurity, flaw, penetration-testing, tool, vulnerability

Securing APIs is a critical cybersecurity challenge in 2025 as they are the backbone of modern applications and a prime target for attackers. API penetration testing is no longer an optional check; it’s a necessity for finding business logic flaws, authorization bypasses, and other complex vulnerabilities that automated tools can’t detect. The best companies in…
Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Sep 2, 2025 10:20 PM

Tags: api

I’m going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/automatic-secrets-redaction-at-runtime-building-a-gitguardian-lambda-extension/
Automatic Secrets Redaction at Runtime: Building a GitGuardian Lambda Extension

Sep 2, 2025 10:20 PM

Tags: api

I’m going to show you how to build a Lambda Runtime API extension that automatically scans and redacts sensitive information from your function responses, without touching a single line of your existing function code. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/automatic-secrets-redaction-at-runtime-building-a-gitguardian-lambda-extension/