APIsecurity.io
@apisecurityio
Followers: 4K | Following: 131 | Media: 126 | Statuses: 2K
API security news, standards, vulnerabilities, tools.
Joined September 2018
In issue 284, vulnerabilities in trusted AI platforms, a blog post claiming an API BOLA vulnerability at Mercury Energy New Zealand, a recent interview exploring a range of API security topics and news of a new OWASP Top 10 list. https://t.co/YyZu5a5JSd
#apisecurity #AIsecurity
WhatsApp API flaw let researchers scrape 3.5 billion accounts https://t.co/Exl5gmole4
bleepingcomputer.com
Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting.
Why APIs and API security-first are critical In The Age Of Ai https://t.co/YlHqcHnOrv
smbtech.au
Every Australian business leader is being told they need an Ai strategy. What most are not being told is that Ai systems only work as well as the APIs underneat
Threat Intelligence: Analysis of the NOFX AI Automated Trading Vulnerability https://t.co/0PS37qpLtq
slowmist.medium.com
Although the NOFX project has undergone attempted fixes, the core issue remains unresolved.
The OWASP Business Logic Abuse Top 10 complements and enhances existing OWASP Top 10 projects by providing a cross-domain focus on business logic vulnerabilities that transcend technology stacks https://t.co/QExSbuz7vc
owasp.org
65% of Leading AI Companies Found With Verified Secrets Leaks including API Keys https://t.co/n6rrpU5rqL
infosecurity-magazine.com
A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets
"..APIs are not just developer conveniences, they are business-critical assets that demand the same rigor as financial systems or customer databases..." https://t.co/WyYdGiJF2o
#APIsecurity
LLMs and AI pose a potential risk that API developers can’t afford to ignore. https://t.co/IMzbk6B1GD
#APIsecurity #AI #LLM
nordicapis.com
LLMs often break API contracts, posing risks for security and governance. Here's how to prepare APIs for safe agentic consumption.
SesameOP Malware uses the OpenAI Assistants API as a covert command-and-control channel. https://t.co/jqCglwbIFs
#APIattack #AIsecurity #APIsecurity
bleepingcomputer.com
Microsoft security researchers have discovered a new backdoor malware that uses the OpenAI Assistants API as a covert command-and-control channel.
Anthropic Claude Flaw Lets Attackers Steal Data Using AI’s Own API https://t.co/7Wn1Rsbnx3
#AIsecurity #APIsecurity
winbuzzer.com
A critical vulnerability in Anthropic's Claude AI allows attackers to exfiltrate user data via a chained exploit that abuses the platform's own File API.
"AI is deeply intertwined with APIs, and organizations aren’t yet prepared for how these AI interfaces expand the attack surface... AI security is API security." https://t.co/WrWWYLhhzu
channelinsider.com
Wallarm’s Q3 2025 API ThreatStats Report reveals a 20% rise in API flaws and a 270% surge in MCP risks, highlighting growing AI-API security threats.
In issue 283, critical issues in the WSO2 API Manager and Better-Auth plugin, BOPLA vulnerability in a Formula 1, API security flaws in industrial devices and an interview with former CISA director on using AI to solve today’s security challenges. https://t.co/pIoYV5s6yf
Marina Bay Sands fined over data breach. API omission during large software migration leaves customer data unprotected. https://t.co/XaMT26jB0I
channelnewsasia.com
The leaked data, which included names and contact details that identified Marina Bay Sands' patrons, was later found offered for sale on the dark web.
Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets. https://t.co/soAtzFKVFy
darkreading.com
Hardcoded credentials, access tokens, and API keys end up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.
In issue 282, we examine the World Poker Tour website hack, the exposure of Nagios Log Server API credentials, the causes of API drift, common injection attacks targeting APIs, and how DDoS campaigns are increasingly focusing on API endpoints. https://t.co/c5uuQpKc8V
#apisecurity
Kibana CrowdStrike Connector Vulnerability Exposes Protected Credentials https://t.co/hjNOEi87Al
cyberpress.org
A critical security issue in the Kibana CrowdStrike Connector has been discovered that allows attackers to access stored CrowdStrike credentials
Security gaps across 50 biotech platforms — from exposed DNA data to unauthenticated APIs. https://t.co/qB4TmSALE5
sekurno.com
Access the full Biotech Cybersecurity Report 2025 by Sekurno. Key Vulnerabilities and Security Trends from 50 Leading Biotech Companies — Analyzed by Sekurno
Issue 281 of the https://t.co/gOdaGFM9Eb newsletter is out now. In this issue we examine OneLogin's API data leak, Cloudflare’s accidental API DoS, a critical Entra ID vulnerability, incidents of mass assignment and excessive data and more. https://t.co/NeRnzj6V78
#apisecurity
As attacks and vulnerabilities rise, defenders need to rethink strategies https://t.co/EvkUiwDVtA
securityboulevard.com
Hardware vulns up 88%. Network vulns doubled. Bugcrowd’s latest report shows AI-driven dev is fueling both innovation and risk. securityboulevard.com/as-hardware-api-and-network-vulnerabilities-ris...