API security

Deleted Google API keys keep working for up to 23 minutes, researchers warn

2026-05-22 at 15:08 By Zeljka Zorz
Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if […]

Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)

2026-03-23 at 13:50 By Zeljka Zorz
Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The company did not say whether the vulnerability has been exploited as a zero-day, but

Google limits Android accessibility API to curb malware abuse

2026-03-19 at 13:32 By Anamarija Pogorelec
Google is restricting how Android apps can use accessibility features after years of abuse by banking Trojans and mobile malware. The changes, introduced in Android 17.2, limit access to the accessibility API when Advanced Protection Mode (APM) is enabled. Apps

Your APIs are under siege, and attackers are just getting warmed up

2026-03-19 at 07:21 By Anamarija Pogorelec
Internet-facing systems are handling sustained levels of malicious traffic across APIs, web applications, and DDoS channels. Akamai’s State of the Internet security report places these patterns within the same operating environment, with activity increasing across each area

Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore

2026-01-21 at 14:15 By Kevin Townsend
API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders. The post Cyber Insights 2026: API Security – Harder to Secure, Impossible to Ignore appeared first on SecurityWeek. This

Treating MCP like an API creates security blind spots

2025-12-01 at 09:06 By Mirko Zorz
In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

2025-11-20 at 17:56 By Zeljka Zorz
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s

Protecting mobile privacy in real time with predictive adversarial defense

2025-11-14 at 09:25 By Sinisa Markovic
Mobile sensors are everywhere, quietly recording how users move, tilt, or hold their phones. The same data that powers step counters and activity trackers can also expose personal details such as gender, age, or even identity. A new study

APIs and hardware are under attack, and the numbers don’t look good

2025-09-24 at 08:35 By Sinisa Markovic
Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are climbing fast, even as website flaws hold steady. The shift

Autoswagger: Open-source tool to expose hidden API authorization flaws

2025-07-24 at 11:57 By Help Net Security
Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises with mature security teams, and are especially dangerous because they can be exploited with little technical

CISOs urged to fix API risk before regulation forces their hand

2025-07-08 at 07:33 By Mirko Zorz
Most organizations are exposing sensitive data through APIs without security controls in place, and they may not even realize it, according to Raidiam. Their report, API Security at a Turning Point, draws on a detailed assessment of 68

Identifying high-risk APIs across thousands of code repositories

2025-06-12 at 16:02 By Mirko Zorz
In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from code before

How to find out if your AI vendor is a security risk

2025-04-10 at 08:31 By Help Net Security
One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information

The API security crisis and why businesses are at risk

2025-02-05 at 06:30 By Help Net Security
In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks.

89% of AI-powered APIs rely on insecure authentication mechanisms

2025-01-30 at 06:33 By Help Net Security
APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer

API security blind spots put businesses at risk

2024-12-24 at 06:03 By Help Net Security
Many customer-facing APIs remain unprotected, leaving businesses vulnerable to breaches. To address these threats, a comprehensive approach to API security, covering every stage of the lifecycle, is essential to protect sensitive data and prevent exploitation. In this article, you will

Exposed APIs and issues in the world’s largest organizations

2024-12-12 at 06:32 By Help Net Security
In this Help Net Security video, Tristan Kalos, CEO of Escape, discusses the results of its 2024 State of API Exposure report. The study highlights significant API security gaps affecting Fortune 1000 organizations, with over 28,500 exposed APIs and

AI’s impact on the future of web application security

2024-11-15 at 07:33 By Mirko Zorz
In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are

How AI will shape the next generation of cyber threats

2024-11-07 at 08:08 By Mirko Zorz
In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses
