Security News

95% of respondents surveyed by Fastly said they had experienced API security problems in the last twelve months. "The results of our survey show that decision-makers know that increased reliance on APIs creates a risk of serious cyberattacks. But so far they are not doing enough about it. This is surprising given that the operational and reputational cost of a breach far outweighs the price of deploying a consolidated web application and API security solution from a single provider," said Jay Coley, Senior Security Architect at Fastly.

Commerce is the most attacked vertical with 44% of API attacks, followed by business services at nearly 32%. APIs are vital to most organizations because they improve both employee and customer experiences. Cybercriminals have leveraged this digital innovation and the rapid expansion of the API economy to create new opportunities for exploitation.

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in...

API integrations often handle sensitive data, such as employees' personally identifiable information, companies' financial information, or even clients' payment card data. Taking these measures will only grow in importance since more and more organizations are looking to build customer-facing API integrations.

In 2024, API requests accounted for 57% of dynamic internet traffic around the globe, according to the Cloudflare 2024 API Security & Management Report, confirming that APIs are a crucial component of modern software development. Poor API security practices can also have regulatory and legal consequences, cause disruption to company operations and even result in intellectual property theft.

A publicly exposed API of social media platform Spoutible may have allowed threat actors to scrape information that can be used to hijack user accounts. The problem with the Spoutible API. Security consultant Troy Hunt has been tipped off about the API by an individual who shared a file with 207,000 Spoutible user records - supposedly scraped via the API - and an URL that would allow Hunt to do the same with his own account.

The exposed secrets include hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks. This approach shows how and where API secret keys and tokens are exposed in real-world settings, not only in code repositories.

Key ways to manage shadow APIs entail API documentation and inventory, API Discovery, API validation, and comprehensive visibility into the security of API endpoints. This requires a solid process for publishing APIs with proper documentation which records how the API behaves and how it interacts with other APIs.

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat. "The campaign deploys a benign container generated using...

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. In a conversation with emo, BleepingComputer learned that a publicly exposed API was used to associate email addresses with public Trello profiles.