Security News
APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori...
70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now...
Organizations are losing between $94 - $186 billion annually to vulnerable or insecure APIs (Application Programming Interfaces) and automated abuse by bots. That’s according to The Economic...
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the...
Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled...
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is...
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...
Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. 35% of exposed API keys still active, posing major security risks.
Nightfall AI's research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Companies who have embraced modern cloud, SaaS and GenAI environments have only just begun to uncover the hidden risks of secret sprawl, which occurs when sensitive information like API keys or passwords are spread to apps, files and messages where they don't belong.
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. Known only by their 'emo' handle, they said the unsecured API endpoint used to steal the data provided an easy way to verify each impacted user's email address, name, and phone number. According to the threat actor, Life360 has since fixed the API flaw, and additional requests now return a placeholder phone number.