All news with #api security tag

Tue, September 23, 2025

AI Growth Fuels Surge in Hardware and API Vulnerabilities

🛡️ Bugcrowd's annual "Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World" report warns that rapid, AI-assisted development is expanding the attack surface and exposing foundational weaknesses. Published September 23, the study links faster release cycles to gaps in access control, data protection and hardware security, and highlights rising API and network vulnerabilities. It calls for continuous offensive testing and collective intelligence to mitigate escalating risks.


Tue, September 23, 2025

ShadowV2 Industrializes DDoS via Misconfigured Docker

🚨 ShadowV2 is a new botnet campaign that converts misconfigured Docker containers on AWS into a DDoS-for-hire platform. Darktrace’s analysis shows attackers exploiting exposed Docker daemons via the Python Docker SDK, building containers on victims' hosts and deploying a Go-based RAT that polls operators and launches large HTTP floods. The operation is highly professionalized, offering APIs, dashboards, operator logins and modular attack options that make DDoS easily rentable.


Mon, September 22, 2025

Cap'n Web: Lightweight TypeScript RPC for Web Applications

🔧 Cap'n Web is a compact, open-source RPC protocol and TypeScript implementation designed for the modern web stack. It provides an object-capability model with bidirectional calls, function and object references, and promise pipelining while using human-readable JSON for transport. The library runs in browsers, Node.js, and Cloudflare Workers, ships as a sub-10KB minified bundle, and integrates with TypeScript tooling. It's experimental but already used inside Cloudflare and released under the MIT license.


Thu, September 18, 2025

One in Three Android Apps Expose Sensitive Data to Attackers

🔒 The 2025 Zimperium Global Mobile Threat Report finds that one in three Android apps and more than half of iOS apps leak sensitive information through insecure APIs, and nearly half of apps contain hardcoded secrets such as API keys. Client-side weaknesses let attackers tamper with apps, intercept traffic and bypass perimeter defences. The report recommends API hardening and app attestation to ensure API calls originate from genuine, untampered apps.


Sat, September 13, 2025

Deep Dive: Cloudflare's Sept 12 Dashboard and API Outage

⚠️ A bug in a dashboard React useEffect dependency caused an object to be recreated on every render, triggering repeated calls to the Tenant Service /organizations endpoint. Those excessive requests coincided with a Tenant Service deployment, overwhelming the service and breaking API authorization checks so many API requests returned 5xx errors and the Cloudflare dashboard became unavailable. Cloudflare mitigated the incident by scaling pods, applying a global rate limit, reverting a problematic patch, and applying a dashboard hotfix. They plan to prioritize Argo Rollouts for safer deployments, add randomized retry delays, increase Tenant Service capacity, and improve observability.


Fri, September 12, 2025

Token Management Risks in the Third-Party Supply Chain

🔐 This Unit 42 report describes how compromised OAuth tokens in third‑party integrations create severe supply‑chain exposure, using recent incidents as examples. It highlights three recurring weaknesses: dormant integrations, insecure token storage and long‑lived credentials, and explains how attackers exploit these to exfiltrate data and pivot. The authors recommend token posture management, encrypted secret storage and centralized runtime monitoring to detect and revoke abused tokens quickly.


Tue, September 9, 2025

Actors Hide Behind Tor in Exposed Docker API Campaign

🛡️ Attackers are exploiting exposed Docker APIs (port 2375) by launching containers that install Tor and retrieve secondary payloads from hidden services. Researchers at Trend Micro and Akamai observed the activity evolve from opportunistic cryptomining into a more capable dropper that establishes persistent SSH access, creates cron jobs to block API access, and executes a Go-based agent that scans and propagates to additional hosts. The agent also removes competitor containers and contains dormant logic for Telnet and Chrome remote debugging exploitation.


Tue, September 9, 2025

Fortinet Adds AI Assistant and Client-Side WAAP Protection

🤖 Fortinet has integrated its virtual AI assistant, FortiAI-Assist, into its web application security offerings, including appliance and virtual FortiWeb and the FortiAppSec Cloud WAAP service. The update also adds integrated client-side protection to monitor payment-page scripts for PCI DSS 4.0 compliance. These features aim to simplify operations, speed threat triage and remediation, and reduce false positives and analyst workload. FortiAppSec Cloud is available through major public cloud marketplaces.


Mon, September 8, 2025

GitHub Account Compromise Led to Salesloft Drift Breach

🔒 Salesloft says the breach tied to its Drift application began after a threat actor compromised its GitHub account. Google-owned Mandiant traced the actor, tracked as UNC6395, accessing the account from March through June 2025 and downloading repository content, adding a guest user and establishing workflows. Attackers then accessed Drift's AWS environment and obtained OAuth tokens used to reach customer data via integrations, prompting Salesloft to isolate Drift infrastructure and take the application offline on September 5, 2025. Salesloft recommends revoking API keys for third-party apps integrated with Drift, and Salesforce has restored most Salesloft integrations while keeping Drift disabled pending further remediation.


Fri, September 5, 2025

Max Severity Argo CD API Flaw Exposes Repo Credentials

🔒 A critical Argo CD vulnerability (CVE-2025-55190) allows API tokens with even low project-level get permissions to access API endpoints and retrieve repository credentials. Rated CVSS v3 10.0, the flaw bypasses isolation protections and can expose usernames and passwords used to access Git repositories. The issue affects all versions up to 2.13.0 and was fixed in 3.1.2, 3.0.14, 2.14.16, and 2.13.9; administrators should upgrade immediately.


Thu, September 4, 2025

AWS adds condition keys to govern Amazon Bedrock API keys

🔐 AWS introduced three new IAM condition keys that let administrators govern API keys for Amazon Bedrock. The keys control which services can be issued service-specific credentials, the maximum allowable age of long-term Bedrock API keys at creation, and whether requests use short-term or long-term bearer tokens. These controls are available in all AWS Regions and are documented in the IAM and Bedrock User Guides.


Tue, September 2, 2025

Agentic AI: Emerging Security Challenges for CISOs

🔒 Agentic AI is poised to transform workflows like software development, customer support, RPA, and employee assistance, but its autonomy raises new cybersecurity risks for CISOs. A 2024 Cisco Talos report and industry experts warn these systems can act without human oversight, chain benign actions into harmful sequences, or learn to evade detection. Lack of visibility fosters shadow AI, and third-party integrations and multi-agent setups widen supply-chain and data-exfiltration exposures. Organizations should adopt observability, governance, and secure-by-design practices before scaling agentic deployments.


Wed, August 27, 2025

Securing Cloud-Native Workloads From Code to Runtime

🔒 Lacework FortiCNAPP unifies CSPM, CWP, CIEM, and CDR to secure cloud-native workloads from development through runtime. It integrates with CI/CD pipelines to scan IaC, container images, and libraries, and leverages FortiDevSec for static and dynamic testing so vulnerabilities are caught before deployment. At runtime, behavior-based workload protection, cloud audit log analysis, and Fortinet Composite Alerts produce high-fidelity detections, while FortiWeb and automation via FortiSOAR enable edge blocking and orchestrated remediation.


Tue, August 26, 2025

Cloudflare CASB API Scanning for ChatGPT, Claude, Gemini

🔒 Cloudflare One users can now connect OpenAI's ChatGPT, Anthropic's Claude, and Google's Gemini to Cloudflare's API CASB to scan GenAI tenants for misconfigurations, DLP matches, data exposure, and compliance risks without installing endpoint agents. The API CASB provides out-of-band posture and DLP analysis, while Cloudflare Gateway delivers inline prompt controls and Shadow AI identification. Integrations are available in the dashboard or through your account manager.


Thu, November 21, 2024

VirusTotal IP Address Change and TLS Provider Update

🔔 VirusTotal is changing the IP address for www.virustotal.com from 74.125.34.46 to 34.54.88.138, with a gradual rollout beginning on November 25. If you currently whitelist or have hardcoded the previous IP in firewalls or proxies, update your rules to include the new address to avoid service interruptions. We are also replacing our DigiCert wildcard TLS certificate with a Google Trust Services single-host certificate—update any certificate signer or subject validations accordingly. Note that the Big Files upload flow returns URLs on bigfiles.virustotal.com, which is served via a ghs.googlehosted.com load balancer using dynamic IP resolution; ensure your controls permit DNS-based resolution for those endpoints.
