Tag: api
-
AI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report
Tags: ai, api, attack, authentication, awareness, breach, cloud, compliance, computing, control, crypto, cryptography, data, encryption, guide, malicious, malware, mfa, nist, passkey, phishing, privacy, programming, ransomware, regulation, risk, software, strategy, threat, tool, vulnerabilityAI, Quantum and the Evolving Threat Landscape: Key Findings from the Thales 2025 Data Threat Report madhav Tue, 05/27/2025 – 04:40 The Thales 2025 Data Threat Report reveals a critical inflection point in global cybersecurity. As the threat landscape grows more complex and hostile, the rapid adoption of generative AI is amplifying both opportunity and…
-
Unlocking the Gates: REST API Authentication Methods for Modern Security
From Basic Auth’s simplicity to OAuth 2.0’s delegated muscle, this quick-read unpacks the strengths, gaps, and best-fit use cases of the four core REST API authentication methods”, so you pick security that scales, not slows. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/unlocking-the-gates-rest-api-authentication-methods-for-modern-security/
-
»manage it« TechTalk: Wie sich API-Endpunkte schützen lassen
Auf der Sicherheitsveranstaltung von Heise namens secIT haben wir mit Markus Hennig, Distributed Cloud Evangelist bei F5, dieses Videointerview geführt. Darin wollten wir wissen, wie sich API-Endpunkte mithilfe des 360-Grad-Prinzips schützen lassen. Die Antwort dazu liefert er in knapp 90 Sekunden. First seen on ap-verlag.de Jump to article: ap-verlag.de/manage-it-techtalk-wie-sich-api-endpunkte-schuetzen-lassen/96070/
-
StackHawk Secures $12M to Tackle API Security Challenges in AI-Driven Development
First seen on scworld.com Jump to article: www.scworld.com/news/stackhawk-secures-12m-to-tackle-api-security-challenges-in-ai-driven-development
-
Hacker bietet 1,2 Milliarden Facebook-Nutzerdaten im Darknet ist es ein Fake?
Gab es ein neues Datenleck bei Meta-Tochter Facebook? Ein Hacker behauptet 1,2 Milliarden Facebook-Nutzerdaten über eine API abgezogen zu haben und bietet diese im Darknet zum Kauf an. Es gibt aber Zweifel, ob diese Daten neu sind. Meta meint dazu, … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/05/23/hacker-bietet-12-milliarden-facebook-nutzerdaten-im-darknet-ist-es-ein-fake/
-
Neue Malware-Kampagne zielt auf offene Docker-Umgebungen
Eine neu entdeckte Cyberkampagne nutzt schwach gesicherte Docker-APIs als Einfallstor in containerisierte Infrastrukturen. Mit raffiniert getarnten Malware-Komponenten übernehmen die Angreifer Containerumgebungen, schürfen Kryptowährungen und nutzen kompromittierte Systeme als Sprungbrett für weitere Attacken. Die potenzielle Ausbreitung ist enorm. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/neue-malware-kampagne-zielt-auf-offene-docker-umgebungen/
-
Fortinet Zero-Day Under Attack: PoC Now Publicly Available
Tags: advisory, api, attack, cve, cyber, flaw, fortinet, remote-code-execution, vulnerability, zero-dayFortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies. This flaw allows for unauthenticated remote code execution, making it a prime target for…
-
Getarnte Krypto-Miner kapern Docker-Container
Eine neue, raffiniert angelegte Cyberkampagne nutzt Schwachstellen in öffentlich erreichbaren Docker-APIs aus. Ziel ist es, Container-Umgebungen mit Krypto-Mining-Malware zu infizieren und das mit hohem Automatisierungsgrad. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/krypto-miner-docker
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
Cybercriminals Using Trusted Google Domains to Spread Malicious Code
A sophisticated new malvertising scheme has emerged, transforming trusted e-commerce websites into phishing traps without the knowledge of site owners or advertisers. Cybercriminals are exploiting integrations with Google APIs, specifically through JSONP (JSON with Padding) calls, to inject malicious scripts into legitimate online stores. These scripts operate covertly, redirecting unsuspecting shoppers to fraudulent payment pages…
-
Attackers Abuse TikTok and Instagram APIs
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python…
-
Securing Open Banking: How Fintechs Can Defend Against Automated Fraud API Abuse
Open Banking is accelerating innovation, and fraud”, with API abuse, credential stuffing, and fake account creation now among the top threats fintechs must defend against in real time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/securing-open-banking-how-fintechs-can-defend-against-automated-fraud-api-abuse/
-
Threat Actor Selling 1.2 Billion Facebook Records, But Details Don’t Add Up
Threat actor ‘ByteBreaker’ claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts. First seen on hackread.com Jump to article: hackread.com/threat-actor-selling-1-2-billion-facebook-records/
-
TikTok, Instagram APIs exploited by PyPI packages for account validation
First seen on scworld.com Jump to article: www.scworld.com/brief/tiktok-instagram-apis-exploited-by-pypi-packages-for-account-validation
-
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malwareA novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
-
Ransomware-Bande BlackBasta hat neuen Malware-Favoriten
Modularität für verschiedene Zwecke: Die Malware Skitnet verfügt über separate Plug-ins umAnmeldeinformationen zu sammeln,Berechtigungen auszuweiten,sich im Netzwerk lateral zu bewegen undRansomware bereitzustellen.Sie nutzt die Programmiersprachen Rust und Nim, um eine verdeckte Reverse Shell über das DNS-Protokoll zu realisieren. Dadurch ist eine unauffällige C2-Kommunikation möglich.Zusätzlich verwendet Skitnet Verschlüsselung, manuelles Mapping und dynamische API-Auflösung, um nicht entdeckt…
-
Hacker-Attacke auf Kosten von Kling-AI Gefälschte Facebook-Auftritte verbreiten Remote-Access-Trojaner
Sicherheitsforscher von Check Point Software Technologies deckten Anfang 2025 einen großangelegten Datenklau auf. Das weltweit erste breit nutzbare DiT-Video-Generation-Tool Kling-AI verzeichnet seit April 2025 rund 22 Millionen Nutzer global und über 15 000 Entwickler sowie Geschäftskunden, die bereits die Kling-API in verschiedene Unternehmensbereiche eingebunden haben. Check Point stieß auf gefälschte Facebook-Werbung und -Auftritte für das…
-
Trust becomes an attack vector in the new campaign using trojanized KeePass
Tags: access, api, attack, authentication, backup, breach, ceo, control, credentials, defense, edr, identity, open-source, password, ransomware, risk, service, software, veeam, vmware, zero-trustIdentity is the new perimeter: Once KeeLoader stole vault credentials-often including domain admin, vSphere, and backup service accountattackers moved fast. Using SSH, RDP, and SMB protocols, they quietly seized control of jump servers, escalated privileges, disabled multifactor authentication, and pushed ransomware payloads directly to VMware ESXi hypervisors.Jason Soroko of Sectigo called it a “textbook identity…
-
Salt Security deepens API integration with Wiz
Tags: apiFirst seen on scworld.com Jump to article: www.scworld.com/brief/salt-security-deepens-api-integration-with-wiz
-
Scripting Outside the Box: API Client Security Risks (2/2)
Continuing on API client security, we cover more sandbox bypasses, this time in Bruno and Hoppscotch, as well as JavaScript sandboxing best practices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/05/scripting-outside-the-box-api-client-security-risks-2-2/
-
Schädliche PyPI-Pakete missbrauchen Instagram- und TikTok-APIs
Cybersecurity-Forscher haben mehrere bösartige Python-Pakete entdeckt, die gezielt auf gestohlene E-Mail-Adressen angesetzt wurden. Die Tools nutzten offizielle Programmierschnittstellen (APIs) von TikTok und Instagram, um zu prüfen, ob bestimmte E-Mail-Adressen mit Nutzerkonten verknüpft sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/pypi-instagram-tiktok-apis
-
8 KI-Sicherheitsrisiken, die Unternehmen übersehen
Tags: access, ai, api, application-security, authentication, cisco, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, framework, governance, hacker, injection, LLM, RedTeam, risk, risk-management, security-incident, software, threat, tool, vulnerabilityIn ihrem Wettlauf um Produktivitätssteigerungen durch generative KI übersehen die meisten Unternehmen die damit verbundenen Sicherheitsrisiken.Laut einer Studie des Weltwirtschaftsforums, die in Zusammenarbeit mit Accenture durchgeführt wurde, versäumen es 63 Prozent der Unternehmen, die Sicherheit von KI-Tools vor deren Einsatz zu überprüfen. Dadurch gehen sie eine Reihe von Risiken für ihr Unternehmen ein.Dies gilt sowohl…
-
Hackers Abuse TikTok and Instagram APIs to Verify Stolen Account Credentials
Cybercriminals are leveraging the Python Package Index (PyPI) to distribute malicious tools designed to exploit TikTok and Instagram APIs for verifying stolen account credentials. Security researchers at Socket have identified three such packages checker-SaGaF, steinlurks, and sinnercore that automate the process of validating emails and usernames against social media platforms. Released between April 2023 and…
-
Skitnet malware: The new ransomware favorite
Tags: access, api, awareness, cybersecurity, data, detection, dns, encryption, malware, phishing, powershell, programming, ransomware, risk, rust, tool, trainingMalware employs advanced obfuscation: According to a Prodaft description, Skitnet uses Rust and Nim programming languages to execute a stealthy reverse shell over DNS, which is a method of covert C2 Communication using the DNS protocol instead of HTTP or other typical channels.Additionally, the malware leverages encryption, manual mapping, and dynamic API resolution to evade…
-
Malicious npm Package in Koishi Chatbots Steals Sensitive Data in Real Time
Socket’s Threat Research Team has uncovered a dangerous npm package named koishi-plugin-pinhaofa, masquerading as a spelling-autocorrect helper for Koishi chatbots. Marketed innocently, this plugin embeds a insidious data-exfiltration backdoor that scans every incoming message for an eight-character hexadecimal string a common format for Git commit hashes, truncated JWT tokens, API keys, or device IDs. Upon…
-
Forscher deckt auf: Vertrauliche Daten von VW-Besitzern waren frei abrufbar
Tags: apiEin Forscher hat gravierende Sicherheitsmängel in der Volkswagen-App und der zugehörigen API aufgedeckt. Daten fremder Autos konnten leicht erbeutet werden. First seen on golem.de Jump to article: www.golem.de/news/forscher-deckt-auf-vertrauliche-daten-von-vw-besitzern-waren-frei-abrufbar-2505-196363.html
-
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs.All three packages are no longer available on PyPI. The names of the Python packages are below -checker-SaGaF (2,605 downloads)steinlurks (1,049 downloads)sinnercore (3,300 downloads) First seen on…