Tag: api
-
Google Cloud Suffers Major Disruption After API Management Error
Google Cloud experienced one of its most significant outages in recent years, disrupting a vast array of services and impacting millions of users and businesses worldwide. The disruption, which lasted for over three hours, was traced back to a critical error in Google Cloud’s API management system, highlighting the vulnerabilities inherent in modern cloud infrastructure.…
-
Google links massive cloud outage to API management issue
Google says an API management issue is behind Thursday’s massive Google Cloud outage, which disrupted or brought down its services and many other online platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-links-massive-cloud-outage-to-api-management-issue/
-
How identity management is shifting into the agent era
We’re witnessing a shift in enterprise architecture: AI agents are moving from supporting roles to autonomous actors that drive decisions, trigger transactions, and interact directly with APIs, often on behalf of users. As a result, identity management is evolving. Identity isn’t just for humans anymore, it’s becoming the security backbone for intelligent, non-human… First seen…
-
SHARED INTEL QA: A sharper lens on rising API logic abuse, and a framework to fight back
In today’s digital enterprise, API-driven infrastructure is the connective tissue holding everything together. Related: The DocuSign API-abuse hack From mobile apps to backend workflows, APIs are what keep digital services talking”, and scaling. But this essential layer of connectivity is also… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/shared-intel-qa-a-sharper-lens-on-rising-api-logic-abuse-and-a-framework-to-fight-back/
-
Apache Kafka Arbitrary File Read and SSRF Vulnerability (CVE-2025-27817)
Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the arbitrary file read and SSRF vulnerabilities in Apache Kafka (CVE-2025-27817); Because the Apache Kafka client does not strictly validate and restrict user input, an unauthenticated attacker can elevate the file system/environment/URL access rights of the REST API by constructing malicious configurations…The…
-
From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection
Browser automation tools like Puppeteer, Playwright, and Selenium are widely used for testing, scraping, and other automation tasks. However, because they were not designed with stealth in mind, they often expose detectable traces. These can include headless browser markers, inconsistencies in JavaScript APIs, or synthetic input patterns, all of which First seen on securityboulevard.com Jump…
-
APIContext Releases Guide to Enterprise API Readiness for Autonomous AI Agents
In 2025, agentic AI has rapidly moved from theoretical promise to real-world implementation, reshaping the digital infrastructure of enterprises worldwide. These autonomous systems, capable of making decisions, initiating actions, and interacting with APIs at machine speed, are unlocking extraordinary efficiencies across industries. But with innovation comes risk and with that in mind, APIContext have today…
-
Mirai botnet weaponizes PoC to exploit Wazuh open-source XDR flaw
Two Mirai variants integrate the exploit: The first botnet exploiting CVE-2025-24016 was detected by Akamai in March and used a proof-of-concept (PoC) exploit that was published for the vulnerability in late February. That exploit targets the /security/user/authenticate/run_as API endpoint.The second botnet was detected in early May and targeted the /Wazuh endpoint, but the exploit payload…
-
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs, including application secrets, API keys, service accounts, and OAuth tokens, have exploded in recent years, thanks to an…
-
Exploitation of Critical Wazuh Server RCE Vulnerability Leads to Mirai Variant Deployment
The Akamai Security Intelligence and Response Team (SIRT) has uncovered active exploitation of a critical remote code execution (RCE) vulnerability in Wazuh servers, identified as CVE-2025-24016 with a CVSS score of 9.9. Disclosed in February 2025, this vulnerability affects Wazuh versions 4.4.0 through 4.9.0 and stems from unsafe deserialization in the Distributed API (DAPI) requests,…
-
Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems
Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api. First seen on hackread.com Jump to article: hackread.com/backdoors-npm-packages-attackers-wipe-systems/
-
Chrome extension privacy promises undone by hardcoded secrets, leaky HTTP
Extension code uses hardcoded credentials: Guo added that hardcoded credentials, such as API keys, secrets, and tokens, are exposed within popular extensions’ JavaScript, making them accessible to anyone who inspects the extension’s source code. For instance, Avast Online Security and Privacy and AVG Online Security extensions, aimed at browsing privacy and security, both contain hardcoded Google…
-
Unmasking the silent saboteur you didn’t know was running the show
Tags: 5G, access, ai, api, attack, authentication, backup, blockchain, breach, ciso, cloud, compliance, control, cybersecurity, data, defense, endpoint, firewall, firmware, GDPR, governance, Hardware, incident response, iot, ISO-27001, login, malicious, network, nis-2, PCI, service, siem, supply-chain, threat, zero-trustCybersecurity depends on accurate clocks : Your logs are only as valuable as your clocks are accurate. If your servers are out of sync, forget to reconstruct timelines. You’ll spend hours chasing phantom alerts. Event correlation and forensics Your SIEM is only as good as the timestamps it gets. Correlating events across endpoints, firewalls and cloud…
-
Cloud assets have 115 vulnerabilities on average, some several years old
Tags: access, ai, api, attack, cloud, credentials, data, data-breach, github, gitlab, iam, infrastructure, risk, service, strategy, threat, vulnerabilityIsolated risks lead to bigger issues: Orca also warns that half of organizations have assets exposing attack paths that can lead to sensitive data exposure, as well as 23% with paths that lead to broad permission access and compromised hosts. Attack paths are the combination of risks that appear isolated but can be combined to…
-
Malicious npm Utility Packages Enable Attackers to Wipe Production Systems
Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias >>botsailer
-
Cybersecurity 2025: The Trends Defining Risk and How to Stay Ahead
Cybersecurity 2025: The Trends Defining Risk and How to Stay Ahead Cybersecurity 2025: The Trends Defining Risk and How to Stay Ahead The rules of cybersecurity are shifting”, again. As 2025 unfolds, companies face a paradox: digital acceleration is non-negotiable, but it’s also becoming their biggest liability. From API sprawl to AI-driven phishing, today’s threats…
-
Chrome Extensions Flaw Exposes Sensitive API Keys, Secrets and Tokens
A critical security flaw has been uncovered in numerous popular Chrome extensions, affecting millions of users worldwide by exposing sensitive credentials such as API keys, secrets, and tokens directly within their source code. This alarming oversight in modern development practices has left digital doors wide open for cyber attackers to exploit, potentially leading to data…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Announcing our Series A – Impart Security
Tags: ai, api, application-security, attack, ceo, ciso, cloud, cve, defense, detection, framework, healthcare, infrastructure, monitoring, risk, saas, technology, threat, tool, vulnerability, wafToday, we’re announcing our $12 million Series A led by Madrona. This funding represents more than capital”, it validates our solution to what I call the ‘last mile problem’ in application security. Here’s a scenario every security professional will recognize: Your team demos an impressive application security tool that catches sophisticated attacks in real-time. The…
-
Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials
Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks.”Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the Symantec’s Security Technology and Response First…
-
Meet Escape Copilot: Automate App and Scan Management via MCP
Tags: apiMeet Escape Copilot. Powered by the MCP over the Escape Public API, it helps you boost productivity and get more done with less context switching inside Escape. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/meet-escape-copilot-automate-app-and-scan-management-via-mcp/
-
Supply chain attack hits RubyGems to steal Telegram API data
Risk may extend past the regional ban: The malicious packages (Gems) were published by the threat actor on May 24, 2025, three days after Vietnam’s Ministry of Information and Communications ordered a nationwide ban on Telegram and gave internet service providers until June 2 to report compliance.Apart from the timing, the aliases used by the…
-
Addressing API Security with NIST SP 800-228
According to the Wallarm Q1 2025 ThreatStats report, 70% of all application attacks target APIs. The industry can no longer treat API security as a sidenote; it’s time to treat it as the main event. NIST seems to be on board with this view, releasing the initial public draft of NIST SP 800-228, a set…
-
Securing Against Attacks: How WAF Rate Limiting Works
Rate limiting plays a major role in application security, especially when it is about defending web applications from malicious bot attacks, credential stuffing, brute force attacks and excessive API calls. Rate limiting security ensures that systems function properly without overwhelming them. It controls the number of requests a client or a specific IP address can……
-
What the Arc Browser Story Reveals About the Future of Browser Security
By Dakshitaa Babu, Security Researcher, SquareX In a candid letter that Joshua Miller, CEO of Arc Browser, wrote to the community, he revealed a truth the tech industry has been dancing around: “the dominant operating system on desktop wasn’t Windows or macOS anymore”Š”, “Šit was the browser.” The evidence is everywhere”Š”, “Šcloud revenue surging year…
-
Umfassender und von Gartner bestätigter Schutz für Web-Anwendungen und APIs
Check Point Software Technologies gibt bekannt, dass die wichtigsten Anforderungen des aktuellen Gartner-Market-Guide for Cloud-Web-Application and API-Protection (WAAP) erfüllt. Die cloudnative Lösung bietet eine KI-gestützte Sicherheitsarchitektur, die moderne Web-Anwendungen und APIs umfassend schützt von der Entwicklung über den Betrieb bis zur automatisierten Bedrohungsabwehr. In einer zunehmend komplexen Bedrohungslandschaft reichen traditionelle Signatur-basierte WAF-Lösungen […] First seen…
-
Google Unveils Gemini Nano for On-Device AI in Android Apps
Gemini Nano APIs empower Android developers with on-device AI features like summarization, proofreading, and enhanced privacy. Get started today! First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/google-unveils-gemini-nano-for-on-device-ai-in-android-apps/
-
Malicious PyPI, npm, and Ruby Packages Exposed in Ongoing Open-Source Supply Chain Attacks
Several malicious packages have been uncovered across the npm, Python, and Ruby package repositories that drain funds from cryptocurrency wallets, erase entire codebases after installation, and exfiltrate Telegram API tokens, once again demonstrating the variety of supply chain threats lurking in open-source ecosystems.The findings come from multiple reports published by Checkmarx, First seen on thehackernews.com…