#apisecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #apisecurity, aggregated by home.social.
-
📰 Trump Mobile API Flaw Exposes Personal Data of 27,000 Smartphone Pre-Order Customers
⚠️ Trump Mobile confirms data leak affecting 27,000 T1 smartphone pre-orders. An unprotected API exposed customer names, addresses, and phone numbers. The company is investigating the security flaw. #DataBreach #APIsecurity #Privacy
🌐 cyber[.]netsecops[.]io
-
The Architecture of Inbox Defense: SEG vs. API Integration
Companies now use two types of tools to protect email: SEG and API. This helps stop more threats. Learn how it works.
#EmailSecurity, #Cybersecurity, #SEG, #APIsecurity, #TechNews
https://newsletter.tf/email-security-seg-api-tools-work-together/
-
Companies are using a new two-part system for email security, combining SEG and API tools. This is a big change from just using one tool.
#EmailSecurity, #Cybersecurity, #SEG, #APIsecurity, #TechNews
https://newsletter.tf/email-security-seg-api-tools-work-together/
-
Defense Contractor Exposes Military Training Data Through API Flaw
A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and…
#ApiSecurity #MilitaryTraining #DefenseContractor #DataExposure #EmergingThreats
-
https://www.europesays.com/ie/467202/ Cloudflare warns of AI code review prompt injection #AIEthics&Governance #AISafety #AiSecurity #APISecurity #ApplicationSecurity #AppSec #ArtificialIntelligence(AI) #CloudSecurity #Cloudflare #Cybersecurity #DevSecOps #Éire #IE #Ireland #javascript #LargeLanguageModels(LLMs) #MachineLearning(ML) #RedTeaming #RiskManagement #SourceCode #SupplyChainSecurity #Technology #ThreatIntelligence #VirtualPrivateNetworks(VPNs)
-
🚨 Logged in ≠ authorized.
That’s how API breaches happen.
👉 https://7asecurity.com/blog/2026/03/api-security-assessment-guide/
-
The Hidden Risk in AI: It’s Not the Model, It’s What It’s Connected To
https://youtu.be/t4Ri-69XPBY #ArtificialIntelligence #Cybersecurity #AISecurity #AIThreats #MachineLearning #DataSecurity #EnterpriseSecurity #InfoSec #AITools #AIGovernance #ZeroTrust #CloudSecurity #APISecurity
-
API abuse = misuse of trust, not system compromise.
“Early-stage API attacks are often subtle and blend into normal operations.”
“Automation amplifies every attack. Bots can enumerate endpoints… faster than humans could.”
-
Bearer tokens are reusable. That’s the problem.
In Quarkus 3.32 you can now implement a custom DPoPNonceProvider and stop OAuth token replay attacks properly.
I built a full end-to-end example with:
- DPoP-bound tokens
- Nonce challenge-response
- Replay protection
- Keycloak Dev Services
Full walkthrough:
https://www.the-main-thread.com/p/quarkus-3-32-dpop-nonce-provider-java-replay-protection
-
BREAKING: API credential theft is now #2 cause of data breaches. Attackers automate: GitHub scan → AWS key discovery → S3 exfiltration in 8 minutes.
Your org probably has 50+ exposed secrets right now. I wrote a free audit guide with step-by-step detection + remediation.
https://tiamat.live/scrub?ref=mastodon-api-credentials #InfoSec #APISecurity #DevSecOps
-
Bluspark’s shipping platform exposed sensitive data via unauthenticated APIs.
• Plaintext passwords
• Admin account creation
• Shipment records back to 2007
What’s your approach to securing APIs in complex supply chains?
-
Broken object-level auth, SSRF, missing rate limits — Java APIs fail in predictable ways. This step-by-step guide by @mezoCode maps each #OWASP #API flaw to a working #Java solution.
Essential read for secure backends: https://javapro.io/2025/11/12/mastering-api-security-in-java-owasp-best-practices/
-
🚨 CRITICAL: CVE-2025-13915 in IBM API Connect (10.0.8.0–10.0.8.5, 10.0.11.0) enables remote auth bypass (CWE-305)! No patch yet. Restrict access, monitor logs, and prep for updates. More: https://radar.offseq.com/threat/cve-2025-13915-cwe-305-authentication-bypass-by-pr-11cca0f4 #OffSeq #IBM #Infosec #APIsecurity #CVE202513915
-
Do you need a cloud #SIEM? ☁️ 🤔 As #security for your org matures, a cloud SIEM can give you the ability to analyze and correlate more data for better insights. The benefits of a cloud SIEM include:
☑️ Flexibility
☑️ Scalability
☑️ Cost-effectiveness
☑️ Integrations
☑️ Automation
Learn about the different cloud SIEM deployment models, best practices for getting started with a cloud SIEM, and more — in our latest blog!
https://graylog.org/post/why-a-cloud-siem-just-makes-sense/ #CyberSecurity #APISecurity
-
Treating MCP like an API creates security blind spots https://www.helpnetsecurity.com/2025/12/01/michael-yaroshefsky-mcp-manager-mcp-security-gaps/ #Artificialintelligence #identitymanagement #securitycontrols #cybersecurity #APIsecurity #compliance #MCPManager #Don'tmiss #Features #Hotstuff #servers #News
-
OpenAI confirmed that limited API-user data was exposed through a breach at its previous analytics provider, Mixpanel. The dataset included names, emails, coarse location, user/organization IDs, and technical metadata — but no chats, passwords, API keys, or payment data.
Researchers noted that sending identifiable data to analytics tools isn’t aligned with typical security best practices.
What’s your view on data minimization in analytics pipelines?
Source: https://cybernews.com/security/openai-mixpanel-cybersecurity-incident-breach/
Share your thoughts - and follow us for more updates.
#InfoSec #CyberSecurity #DataPrivacy #OpenAI #Mixpanel #APISecurity #DataBreach #VendorSecurity #ThreatIntel #SecurityEngineering #TechNews
-
APIs don’t usually break in spectacular, cinematic ways. They break in the dull corners where “make it easy for users” quietly beats “make it hard for attackers.” WhatsApp’s contact discovery API is a perfect example: a feature designed to help you find friends could be stretched to map billions of users. If someone can ask your system the same harmless question millions of times an hour, the question isn’t harmless anymore.
In this case, researchers showed that with a few authenticated sessions and a single university server, they could probe over 100 million phone numbers per hour and confirm roughly 3.5 billion active WhatsApp accounts. From there, they chained additional endpoints to fetch profile photos, public bios, and device info—no zero-days, no wizardry — just missing rate limits and weak abuse detection. The uncomfortable part is that this isn’t an outlier; it’s a pattern that keeps reappearing on platforms that were never meant to expose anything sensitive at all.
TL;DR
🧠 Contact discovery APIs let researchers map 3.5B active WhatsApp accounts from a massive pool of phone numbers.
⚡ A few sessions on one server pushed tens of millions of checks per hour without being throttled or blocked.
🎓 Public metadata like photos and about text turns a phone number into a rich target for phishing and impersonation.
🔍 Treat every lookup endpoint as part of your threat model and bake in rate limits, anomaly detection, and abuse-resistant design from day one.
#APISecurity #CyberSecurity #DataProtection #PrivacyTech #security #privacy #cloud #infosec
-
Security gap in Perplexity’s Comet browser exposed users to system-level attacks https://www.helpnetsecurity.com/2025/11/20/perplexity-comet-browser-security-mcp-api/ #vulnerability #APIsecurity #Perplexity #Don'tmiss #agenticAI #Hotstuff #research #browser #SquareX #News #AI
-
Need to know what's new in Graylog 7.0? We got ya. You can now watch our latest webinar on-demand! 📺 👀 Get all the highlights from Grayloggers Seth Goldhammer and Ed Metcalf, now. Watch and learn about:
👉 How #AI dashboard summarization & drill-downs speed investigations
👉 Using detection chains & asset risk history to surface real threats faster
👉 Guided response from notifications to triage in one click
👉 New dashboard UX: bottom-added widgets, row numbers, widget drill-downs, & threshold lines
👉 External data lakes: preview & selectively ingest from AWS Security Lake
👉 Collections for sharing searches, dashboards, & content across teams
👉 MCP server support for conversational ops and data analysis
See how 7.0 turns chaos into clarity—without blowing your budget. 💰
https://graylog.org/resources/whats-new-in-graylog-7-0/ #CyberSecurity #LogManagement #SIEM #APISecurity
-
Protecting mobile privacy in real time with predictive adversarial defense https://www.helpnetsecurity.com/2025/11/14/research-real-time-mobile-privacy-protection/ #APIsecurity #smartphones #Don'tmiss #framework #research #privacy #mobile #News
-
Our 7.0 Fall ’25 release is built to make every analyst faster and every decision clearer. 👓 ✨ 🙌 Join us TOMORROW for a live, 30-minute walkthrough that will cover:
🤝 MCP integration for #AI collaboration
🎛️ New dashboard thresholds, drill-downs, and text widgets
🤖 AI dashboard summarization
...and more!
This is your chance to join Grayloggers Seth Goldhammer and Ed Metcalf on Nov. 12th at 11AM ET and get all your burning questions answered. 🔥
Register: https://graylog.org/webinar/ #CyberSecurity #SIEM #APISecurity #LogManagement
-
Are you working on building an efficient SOC? We can help! 🙌 It's important to start by developing a strategy—as your #security goals must align with business objectives. 💡 In our latest blog, we outline and detail 7 key steps to follow for SOC success. ⭐ They include:
1️⃣ Developing the strategy
2️⃣ Designing the solution
3️⃣ Developing processes, procedures, & training
4️⃣ Investing in tools & services to fill gaps
5️⃣ Preparing your environment
6️⃣ Implementing the solution
7️⃣ Deploying end-to-end use cases
Read on to learn more about these 7 key steps along with roles and responsibilities of SOC team members, and more.
https://graylog.org/post/7-steps-to-an-efficient-security-operations-center-design/ #CyberSecurity #SIEM #TDIR #APISecurity #SecurityOperations
-
On-tap for today we have... detection chains! 🔎⛓️💥 On your #Graylog Security Events page, there is a new badge for events that are detection chains—or as we like to call them "attack campaigns".
Wondering what a detection chain looks like in #Graylog? 🤔 Rich Murphy, Director of Product Management for #Security at Graylog, will show you. 👀👇
https://www.youtube.com/watch?v=tCM_8SEXUuw #CyberSecurity #SIEM #APISecurity
-
Graylog 7.0 is here and it's hot. 🔥 It's got:
🤖 Explainable AI
➡️ Guided investigation workflows
📊 Smarter dashboards that turn noise into action
Join Seth Goldhammer and Ed Metcalf on Wed. Nov. 12th at 11AM ET to learn all about the Fall ’25 release. In this 20-minute live demo + 10-minute Q&A, they'll talk about AI dashboard summarization, event procedures and guided remediation, AWS Security data lake integration, and more.
👀 See for yourself how Graylog 7.0 delivers faster insights, lower costs, and trusted AI that keeps people — not algorithms — in control!
Register: https://graylog.org/webinar/ #CyberSecurity #SIEM #APISecurity #LogManagement
-
Welcome to November, the end of daylight savings time, and everything "T-Day" for the next four weeks! In the spirit of this month we've got a feast of new features, a cornucopia of new capabilities and a banquet of breakthroughs to share with you. 🦃 🫵 Introducing #Graylog 7.0! 🎊
Let's take a look at the new improvements across dashboards, automation, and #AI support. There are four key ingredients in this 7.0 #Thanksgiving feast:
💡 Smarter Dashboards that deliver faster, more meaningful insights
🛠️ Guided Remediation that ensures consistent, reliable action
💲 Cost-efficient Data Lake Integration that simplifies cloud management
🤝 Native MCP Support that brings intelligent collaboration to every investigation
Ready to learn more? Take a look at the menu and more, in this article by Seth Goldhammer.
https://graylog.org/post/gobbling-up-insights-graylog-7-0-serves-up-a-feast/ #CyberSecurity #SIEM #APISecurity #TDIR
-
Why “Secure Login” Isn’t Enough to Protect Your Mobile App Anymore https://thecyberexpress.com/why-mobile-app-security-cant-stop-at-login/ #RuntimeApplicationSelfProtection #MultifactorAuthentication #mobilefraudprevention #appruntimesecurity #mobileappsecurity #OnetimePasswords #deviceintegrity #Vulnerabilities #APISecurity #CyberNews #mobileapp #fintech #BFSI #OTPs
-