Tag: api

Rogue MCP servers can take over Cursor’s built-in browser

Nov 13, 2025 3:49 PM

Tags: access, ai, api, attack, computer, control, data, defense, github, pypi, vulnerability

Defenses: Organizations must review and control, both through policy and access controls, the IDE extensions and MCP servers their developers use. They should do this just like they should be vetting application dependencies from package registries such as npm or PyPI to prevent the compromise of developer machines or inheriting vulnerabilities in their code.Attackers are…
OWASP Top 10 Business Logic Abuse: What You Need to Know

Nov 13, 2025 1:49 PM

Tags: api, breach, business, compliance, data, infrastructure, PCI

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams up to the reality that APIs are the front door to their data, infrastructure, and revenue streams. OWASP recently published its…
What CISOs need to know about new tools for securing MCP servers

Nov 13, 2025 8:49 AM

Tags: access, ai, api, attack, authentication, ciso, cloud, communications, compliance, control, corporate, credentials, data, detection, dns, email, framework, google, governance, identity, incident response, infrastructure, injection, leak, least-privilege, malicious, microsoft, monitoring, network, open-source, risk, service, technology, threat, tool, unauthorized, vmware, vulnerability, zero-trust

What to look for in an MCP security platform: Whether a company connects their own agents to third-party MCP servers, their own MCP servers to third-party agents, or their own servers to their own agents, there’s going to be the potential for data leakage, prompt injections and other security threats.That means companies will need to…
What CISOs need to know about new tools for securing MCP servers

Nov 13, 2025 8:49 AM

Tags: access, ai, api, attack, authentication, ciso, cloud, communications, compliance, control, corporate, credentials, data, detection, dns, email, framework, google, governance, identity, incident response, infrastructure, injection, leak, least-privilege, malicious, microsoft, monitoring, network, open-source, risk, service, technology, threat, tool, unauthorized, vmware, vulnerability, zero-trust

What to look for in an MCP security platform: Whether a company connects their own agents to third-party MCP servers, their own MCP servers to third-party agents, or their own servers to their own agents, there’s going to be the potential for data leakage, prompt injections and other security threats.That means companies will need to…
NDSS 2025 MALintent: Coverage Guided Intent Fuzzing Framework For Android

Nov 12, 2025 7:49 PM

Tags: android, api, conference, framework, google, Internet, network, open-source, oracle, privacy, vulnerability

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Ammar Askar (Georgia Institute of Technology), Fabian Fleischer (Georgia Institute of Technology), Christopher Kruegel (University of California, Santa Barbara), Giovanni Vigna (University of California, Santa Barbara), Taesoo Kim (Georgia Institute of Technology) PAPER MALintent: Coverage Guided Intent Fuzzing Framework for Android Intents are the primary…
AI-Sicherheit: Fast alle LLMs leaken private API-Keys auf Github; ChatGPT hat Schwachstellen

Nov 12, 2025 6:49 PM

Tags: ai, api, chatgpt, Internet, LLM, vulnerability

AI bzw. der Gebrauch von Sprachmodellen (LLMs) wie ChatGPT ist ja Dauerthema angeblich so wichtig wie geschnitten Brot. Insidern ist klar, dass diese Technologie die größte Gefahr für Daten-und Unternehmenssicherheit seit Einführung des Internet ist. Mir sind zwei Informationssplitter … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/12/ai-llms-die-grossen-leaker-der-zukunft/
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threat

Nov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, best-practice, breach, ceo, cloud, cyber, cybersecurity, data, defense, detection, office, open-source, risk, strategy, vulnerability

Nov 11, 2025 – Jeremy Snyder – On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security – what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and…
FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, best-practice, breach, ceo, cloud, cyber, cybersecurity, data, defense, detection, office, open-source, risk, strategy, vulnerability

Nov 11, 2025 – Jeremy Snyder – On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security – what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and…
Introduction to REST API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, authentication, best-practice, business, cloud, control, data, data-breach, ddos, detection, encryption, finance, firewall, group, identity, infrastructure, monitoring, network, password, radius, risk, service, technology, threat, tool, update, vulnerability

Nov 11, 2025 – Jeremy Snyder – A common analogy for APIs is that they are LEGO blocks, or more specifically, APIs are the little studs and slots that allow you to attach LEGO pieces to each other and build something bigger than any individual piece. The LEGO pieces in this analogy would be individual…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
Introducing FireTail: Making API Security as Simple as Import, Setup, Done FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, breach, cloud, control, data, detection, malicious, network, open-source, tool, update

Nov 11, 2025 – – FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December…
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerability

Nov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
moveIT a series of breaches, all enabled by APIs FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, authentication, breach, cloud, cve, data, endpoint, flaw, germany, identity, injection, malicious, moveIT, remote-code-execution, software, sql, vulnerability

Nov 11, 2025 – Jeremy Snyder – In mid-2023, a software vulnerability was discovered in a file transfer application known as moveIT. Because of the application’s popularity, numerous companies and organizations have found themselves vulnerable to the breach. This blog post will attempt to explain the vulnerability, map out the kill chain (also sometimes called…
API Security: Bridging the Gap Between Application and Security Teams FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, awareness, breach, business, cctv, ciso, cloud, crypto, cyber, cybersecurity, data, data-breach, dns, email, finance, flaw, group, incident response, microsoft, monitoring, network, phone, ransom, risk, security-incident, service, software, strategy, technology, threat, tool, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital economy. Business needs demand speed. Engineers constantly…
Exploring the Pros and Cons of Web Application Firewalls (WAFs) FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, authentication, breach, business, cloud, communications, control, data, detection, exploit, firewall, infection, injection, jobs, malicious, malware, network, open-source, programming, risk, software, sql, threat, unauthorized, update, vulnerability, waf, zero-day

Nov 11, 2025 – Jeremy Snyder – Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 according to the 2022 Verizon DBIR,…
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threat

Nov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
Introducing FireTail: Making API Security as Simple as Import, Setup, Done FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, breach, cloud, control, data, detection, malicious, network, open-source, tool, update

Nov 11, 2025 – – FireTail is on a mission to secure the world’s APIs by making API security as simple as import, setup, done. We officially launched the company back in February 2022 with a passion for helping organizations secure their APIs as they grow their cloud presence. As of the beginning of December…
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerability

Nov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
FireTail Raises $5M to Accelerate API Security, Led by Paladin Capital Group FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, attack, breach, ceo, cloud, cyber, data, government, group, Internet, linkedin, network, office, programming, technology, threat, usa

Nov 11, 2025 – James Fulton – McLean, Va. Dec. 14, 2022, FireTail Inc, a disruptor in API security, announced today it has closed $5 million in early stage financing led by Paladin Capital Group, with participation from Zscaler, General Advance, Secure Octane, and a cadre of high-profile cyber security executives including SentinelOne VP of…
FireTail CEO, Jeremy Snyder, Set to Present at UK Cyber Week 2023 FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, attack, best-practice, breach, ceo, cloud, cyber, cybersecurity, data, defense, detection, office, open-source, risk, strategy, vulnerability

Nov 11, 2025 – Jeremy Snyder – On April 5, 2023, during UK Cyber Week, our CEO Jeremy Snyder will present, “API security – what is it, why you should care, and how to protect your org”. The session, part of the OT & IT Cyber Security track, will explore the rise of APIs and…
Exploring the Pros and Cons of Web Application Firewalls (WAFs) FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, authentication, breach, business, cloud, communications, control, data, detection, exploit, firewall, infection, injection, jobs, malicious, malware, network, open-source, programming, risk, software, sql, threat, unauthorized, update, vulnerability, waf, zero-day

Nov 11, 2025 – Jeremy Snyder – Over the last few years, web application attacks have become one of the leading causes of data breaches, making web application security increasingly important for overall security posture. In fact, web application attacks were involved in 26% of all breaches in 2022 according to the 2022 Verizon DBIR,…
API Security: Bridging the Gap Between Application and Security Teams FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, awareness, breach, business, cctv, ciso, cloud, crypto, cyber, cybersecurity, data, data-breach, dns, email, finance, flaw, group, incident response, microsoft, monitoring, network, phone, ransom, risk, security-incident, service, software, strategy, technology, threat, tool, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital economy. Business needs demand speed. Engineers constantly…
CYFIRMA FireTail: Working Together for Complete Visibility and Robust API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: ai, api, attack, cloud, cyber, data, detection, intelligence, leak, ml, open-source, risk, saas, threat, vulnerability

Nov 11, 2025 – Alan Fagan – CYFIRMA is an external threat landscape management platform that combines cyber intelligence with attack surface discovery and digital risk protection to deliver early warning, personalized, contextual, outside-in, and multi-layered insights. The company’s cloud-based AI and ML-powered analytics platforms provide deep insights into the external cyber landscape, helping clients…
Introduction to REST API Security FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, authentication, best-practice, business, cloud, control, data, data-breach, ddos, detection, encryption, finance, firewall, group, identity, infrastructure, monitoring, network, password, radius, risk, service, technology, threat, tool, update, vulnerability

Nov 11, 2025 – Jeremy Snyder – A common analogy for APIs is that they are LEGO blocks, or more specifically, APIs are the little studs and slots that allow you to attach LEGO pieces to each other and build something bigger than any individual piece. The LEGO pieces in this analogy would be individual…
API Security: Bridging the Gap Between Application and Security Teams FireTail Blog

Nov 11, 2025 2:20 PM

Tags: access, api, application-security, attack, awareness, breach, business, cctv, ciso, cloud, crypto, cyber, cybersecurity, data, data-breach, dns, email, finance, flaw, group, incident response, microsoft, monitoring, network, phone, ransom, risk, security-incident, service, software, strategy, technology, threat, tool, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – API Security: Why the Gap Developers and security professionals have different concerns and motivations. It’s easy to see why gaps emerge. The ability to quickly ship new products, features or functionality is a real source of competitive advantage in the digital economy. Business needs demand speed. Engineers constantly…
FireTail Names Timo Rüppell as Vice President of Product FireTail Blog

Nov 11, 2025 2:20 PM

Tags: api, application-security, attack, breach, cloud, compliance, cybersecurity, detection, Internet, office, privacy, security-incident, startup, technology, threat

Nov 11, 2025 – Jeremy Snyder – McLean, Va. – Jan. 24, 2023 – FireTail Inc., a disruptor in API security, today announced the appointment of Timo Rüppell to the executive leadership team as Vice President of Product. In conjunction with bringing Rüppell on board, FireTail also opened a new company office in Helsinki, Finland.…
IDOR Attacks and the Growing Threat to Your API Security FireTail Blog

Nov 11, 2025 12:20 PM

Tags: access, advisory, api, attack, authentication, banking, best-practice, breach, business, cisa, cloud, cyber, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, group, hacker, identity, india, infrastructure, insurance, leak, office, open-source, risk, strategy, theft, threat, unauthorized, vulnerability

Nov 11, 2025 – Jeremy Snyder – IDOR Attacks: Common And Deadly IDOR attacks, or Insecure Direct Object Reference (IDOR) attacks, are one of the most common and costly forms of API breach. In an IDOR attack, hackers directly reference internal objects in a web application that uses APIs1. IDOR attacks specific to APIs consist…