Tag: api
-
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Tags: ai, api, cybersecurity, exploit, flaw, intelligence, remote-code-execution, theft, vulnerabilityCybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.”The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing First seen on thehackernews.com Jump to article: thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
-
Chinese cyberspies breached dozens of telecom firms, govt agencies
Google’s Threat Intelligence Group (GTIG), Mandiant, and partners disrupted a global espionage campaign attributed to a suspected Chinese threat actor that used SaaS API calls to hide malicious traffic in attacks targeting telecom and government networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/chinese-cyberspies-breached-dozens-of-telecom-firms-govt-agencies/
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 2026-21852
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 –
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
mquire: Linux memory forensics without external dependencies
If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only…
-
The Coming Regulatory Wave for AI Agents Their APIs
Tags: access, ai, api, attack, ciso, compliance, control, corporate, data, endpoint, finance, framework, governance, guide, infrastructure, leak, monitoring, regulation, risk, toolFor the past two years, the adoption of Generative AI has felt like a gold rush. Organizations raced to integrate Large Language Models and build autonomous agents to assist employees. They often bypassed standard governance processes in the name of speed and innovation. That era of unrestricted experimentation is rapidly drawing to a close. A…
-
Russian group uses AI to exploit weakly-protected Fortinet firewalls, says Amazon
Tags: access, ai, api, attack, authentication, business, ciso, control, credentials, cybersecurity, data-breach, detection, exploit, firewall, fortinet, group, Internet, linkedin, malicious, mfa, monitoring, network, password, russia, software, threat, tool, vpn, vulnerabilityRecommendations: The Amazon report makes a number of recommendations to network admins with FortiGate devices. They include ensuring device management interfaces aren’t exposed to the internet, or, if they have to be, restricting access to known IP ranges and using a bastion host or out-of-band management network. As basic cybersecurity demands, all default and common…
-
NDSS 2025 Generating API Specifications For Bug Detection Via Specification Propagation Analysis
Session 13B: API Security Authors, Creators & Presenters: Miaoqian Lin (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi…
-
NDSS 2025 Generating API Parameter Security Rules With LLM For API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
-
Cracks in the Bedrock: Bypassing SCP Enforcement with Long-Lived API Keys
Introduction Following the release of Amazon Bedrock Powered by AWS Mantle, I discovered a mechanism to bypass Service Control Policy (SCP) statements limiting the use of bedrock-mantle IAM permissions. By leveraging long-lived API keys backed by Service Specific Credentials, I was able to successfully leverage bedrock-mantle:CreateInference despite an SCP statement denying that action. SCPs are……
-
Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens
Cybersecurity researchers have disclosed what they say is an active “Shai-Hulud-like” supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential harvesting and cryptocurrency key theft.The campaign has been codenamed SANDWORM_MODE by supply chain security company Socket. As with prior Shai-Hulud attack waves, the malicious code…
-
128M Users Exposed as Popular VS Code Extensions Reveal Critical Flaws
Serious vulnerabilities in four popular Visual Studio Code (VS Code) extensions, affecting over 128 million downloads. These flaws, including three assigned CVEs CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717, highlight IDEs as the weakest link in organizational supply chain security. Developers often store sensitive data like API keys, business logic, database configs, and even customer info right in…
-
NDSS 2025 The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
Session 13B: API Security Authors, Creators & Presenters: Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Jinghua Liu (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, China), Kai…
-
NDSS 2025 NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities
Session 13A: JavaScript Security Authors, Creators & Presenters: Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University) PAPER NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities The Node.js ecosystem comprises millions of packages written in JavaScript. Many packages…
-
NDSS 2025 A Comprehensive Study Of Security Risks In Deno And Its Ecosystem
Tags: access, api, attack, conference, control, Internet, network, programming, risk, rust, software, supply-chainSession 13A: JavaScript Security Authors, Creators & Presenters: Abdullah AlHamdan (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security) PAPER Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem Node.js and its ecosystem npm are notoriously insecure, enabling the proliferation of supply chain attacks.…
-
What it takes to secure agentic commerce
With AI agents increasingly acting as digital concierges for shoppers, verifying bot identities, securing the APIs they rely on, and detecting anomalous behaviour will be key to safeguarding automated transactions, according to Akamai First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639228/What-it-takes-to-secure-agentic-commerce
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
better-auth Flaw Allows Unauthenticated API Key Creation
A better-auth flaw lets attackers create API keys for arbitrary users, risking account takeover and MFA bypass. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/better-auth-flaw-allows-unauthenticated-api-key-creation/
-
Six flaws found hiding in OpenClaw’s plumbing
Following the data revealed the danger: To overcome the limitations of “traditional static analysis” tools that reportedly struggle with modern software stacks where inputs pass through numerous transformations before reaching risky operations, Endor Labs implemented the AI SAST approach, which, it claimed, maintains context across these transformations.This helped the researchers understand “not only where dangerous…
-
Six flaws found hiding in OpenClaw’s plumbing
Following the data revealed the danger: To overcome the limitations of “traditional static analysis” tools that reportedly struggle with modern software stacks where inputs pass through numerous transformations before reaching risky operations, Endor Labs implemented the AI SAST approach, which, it claimed, maintains context across these transformations.This helped the researchers understand “not only where dangerous…
-
From Exposure to Exploitation: How AI Collapses Your Response Window
We’ve all seen this before: a developer deploys a new cloud workload and grants overly broad permissions just to keep the sprint moving. An engineer generates a “temporary” API key for testing and forgets to revoke it. In the past, these were minor operational risks, debts you’d eventually pay down during a slower cycle.In 2026,…
-
Shadow Machines: The Non-Human Identities Exposing Your Cloud AI Stack
Tags: access, ai, api, authentication, automation, business, cloud, compliance, container, control, credentials, data, encryption, framework, governance, iam, identity, infrastructure, iot, jobs, login, mfa, password, risk, risk-management, saas, service, software, strategy, supply-chain, toolShadow Machines: The Non-Human Identities Exposing Your Cloud & AI Stack madhav Thu, 02/19/2026 – 06:30 The machines we don’t see are the ones running our businesses. Unfortunately, most IAM systems do not track them. In an ironic twist, the ghost in the machine has become the machine itself: invisible, autonomous, and increasingly beyond human…
-
Carelessness versus craftsmanship in cryptography
Tags: access, advisory, api, attack, authentication, computing, credentials, cryptography, data, email, encryption, github, hacker, oracle, side-channel, software, threat, tool, update, vpn, vulnerabilityTwo popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects. When we shared one of these bugs with an affected vendor, strongSwan, the maintainer provided a model response for security vendors. The…
-
Carelessness versus craftsmanship in cryptography
Tags: access, advisory, api, attack, authentication, computing, credentials, cryptography, data, email, encryption, github, hacker, oracle, side-channel, software, threat, tool, update, vpn, vulnerabilityTwo popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects. When we shared one of these bugs with an affected vendor, strongSwan, the maintainer provided a model response for security vendors. The…
-
Flaws in four popular VS Code extensions left 128 million installs open to attack
Tags: access, api, attack, cloud, credentials, cve, flaw, infrastructure, malicious, microsoft, risk, supply-chain, tool, update, vulnerability, xssMicrosoft quietly patched its own extension: The fourth vulnerability played out differently. Microsoft’s Live Preview extension, with 11 million downloads, contained a cross-site scripting flaw that, according to OX Security, let a malicious web page enumerate files in the root of a developer’s machine and exfiltrate credentials, access keys, and other secrets.The researchers reported the…
-
From Shadow APIs to Shadow AI: How the API Threat Model Is Expanding Faster Than Most Defenses
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, cloud-native apps, and partner integrations faster than corporate governance models could keep up, resulting in undocumented or shadow APIs. We’re now seeing this pattern all over again with AI systems. And, even worse, AI introduces non-deterministic behavior, autonomous actions,…
-
Inside Modern API Attacks: What We Learn from the 2026 API ThreatStats Report
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture changed. Wallarm’s 2026 API ThreatStats Report revealed that APIs are now the primary attack surface for digital business, and not because bad actors discovered…