All news with #api security tag

Tue, October 14, 2025

Apigee Named a Leader in Gartner's 2025 API Magic Quadrant

🏆 Google Cloud's Apigee has been named a Leader in the 2025 Gartner Magic Quadrant for API Management and was positioned highest for Ability to Execute. The announcement highlights Apigee's expansion to support generative and agentic AI workloads by acting as an intelligent, secure API proxy that improves governance, security, scalability, and cost control. Key capabilities called out include AI productization, agent-ready API specification boosting (Private Preview), native quota-based token controls and Looker Studio reporting, a centralized API hub with Gemini-driven semantic search, and enhanced security policies including Model Armor and Advanced API Security.

Tue, October 7, 2025

Cloud and Application Security: Awareness Best Practices

🔐 The 2025 State of Cloud Security Report from Fortinet and Cybersecurity Insiders highlights how accelerating cloud adoption and a widespread cybersecurity skills shortage are expanding organizational risk across SaaS, APIs, and hybrid environments. Many incidents result from human error — misconfigurations, exposed APIs, and overprivileged accounts — rather than sophisticated targeted attacks. The post recommends five practical measures, including embracing shared responsibility, enforcing MFA and least privilege, integrating security into CI/CD, automating configuration management, and monitoring SaaS and APIs, and stresses that tools must be paired with user awareness and cultural change.

Wed, October 1, 2025

OneLogin API Bug Exposed OIDC Client Secrets in 2025

🔒 Clutch Security disclosed a high-severity flaw in the One Identity OneLogin IAM platform that could leak OpenID Connect (OIDC) application client_secret values when queried with valid API credentials. The issue, tracked as CVE-2025-59363 with a CVSS score of 7.7, stemmed from the /api/2/apps endpoint returning secrets alongside app metadata. OneLogin remedied the behavior in OneLogin 2025.3.0 after responsible disclosure; administrators should apply the update, rotate exposed API and OIDC credentials, tighten RBAC scopes, and enable network-level protections such as IP allowlisting where available.

Fri, September 26, 2025

Defending Against Credential Attacks with Hybrid Mesh

🔐 Credential-based attacks are at epidemic levels: the 2025 Verizon DBIR shows 22% of breaches begin with compromised credentials, and Check Point's External Risk Management saw leaked credential volumes rise 160% year‑over‑year. Attackers increasingly prefer to "log in" rather than "hack in," exploiting exposed passwords, tokens, API keys and OAuth abuse. The article recommends a hybrid mesh architecture that unifies identity, network, endpoint and cloud telemetry to apply context-aware, adaptive access controls, improved credential hygiene, and faster detection and response.

Fri, September 26, 2025

Okta Launches Identity Security Fabric for AI Agents

🔒 Okta introduced an Identity Security Fabric to secure AI agents and unify identity, application, and agent management across enterprises. The platform combines AI agent lifecycle management, a Cross App Access protocol, and Verifiable Digital Credentials (VDC) to enforce least privilege, discover and monitor agents, and replace fragmented point solutions. Early access features begin in fiscal 2027.

Thu, September 25, 2025

Tech Surpasses Gaming as Top DDoS Target Q1-Q2 2025

🛡️ The Gcore Radar Q1–Q2 2025 report shows a 41% year-on-year rise in DDoS attacks, with total incidents reaching 1.17 million and a record 2.2 Tbps peak. Attacks are getting longer, more sophisticated, and increasingly multi-vector, with technology (≈30%) overtaking gaming (19%) as the primary target. Gcore emphasizes integrated WAAP and global filtering capacity to mitigate these risks.

Wed, September 24, 2025

ShadowV2 Botnet Highlights Growth of DDoS-as-a-Service

🛡️ Darktrace has uncovered a ShadowV2 campaign that combines a GitHub Codespaces-hosted Python command-and-control framework, a Docker-based spreader, and a Go-based RAT to operate a DDoS-as-a-service platform. Attackers target exposed Docker daemons on AWS EC2 to build on-victim images and deploy malware via environment variables, reducing forensic artifacts. The platform exposes an OpenAPI-driven UI and multi-tenant API enabling HTTP/HTTP2 floods, UAM bypasses, and other configurable attack options.

Wed, September 24, 2025

SaaS-to-SaaS Proxy: Centralized Visibility and Control

🌐 Cloudflare is prototyping a SaaS-to-SaaS proxy that consolidates SaaS connections through a single front door to improve monitoring, detection, and response. Two deployment models are proposed: a customer-controlled vanity hostname proxy that returns visibility to data owners, and a vendor-side reverse proxy that strengthens platform security. Both approaches use key splitting to avoid persisting full bearer tokens and enable instant revocation. Cloudflare is seeking feedback and offering early access.

Tue, September 23, 2025

AI Growth Fuels Surge in Hardware and API Vulnerabilities

🛡️ Bugcrowd's annual "Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World" report warns that rapid, AI-assisted development is expanding the attack surface and exposing foundational weaknesses. Published September 23, the study links faster release cycles to gaps in access control, data protection and hardware security, and highlights rising API and network vulnerabilities. It calls for continuous offensive testing and collective intelligence to mitigate escalating risks.

Tue, September 23, 2025

ShadowV2 Industrializes DDoS via Misconfigured Docker

🚨 ShadowV2 is a new botnet campaign that converts misconfigured Docker containers on AWS into a DDoS-for-hire platform. Darktrace’s analysis shows attackers exploiting exposed Docker daemons via the Python Docker SDK, building containers on victims' hosts and deploying a Go-based RAT that polls operators and launches large HTTP floods. The operation is highly professionalized, offering APIs, dashboards, operator logins and modular attack options that make DDoS easily rentable.

Mon, September 22, 2025

Cap'n Web: Lightweight TypeScript RPC for Web Applications

🔧 Cap'n Web is a compact, open-source RPC protocol and TypeScript implementation designed for the modern web stack. It provides an object-capability model with bidirectional calls, function and object references, and promise pipelining while using human-readable JSON for transport. The library runs in browsers, Node.js, and Cloudflare Workers, ships as a sub-10KB minified bundle, and integrates with TypeScript tooling. It's experimental but already used inside Cloudflare and released under the MIT license.

Thu, September 18, 2025

One in Three Android Apps Expose Sensitive Data to Attackers

🔒 The 2025 Zimperium Global Mobile Threat Report finds that one in three Android apps and more than half of iOS apps leak sensitive information through insecure APIs, and nearly half of apps contain hardcoded secrets such as API keys. Client-side weaknesses let attackers tamper with apps, intercept traffic and bypass perimeter defences. The report recommends API hardening and app attestation to ensure API calls originate from genuine, untampered apps.

Sat, September 13, 2025

Deep Dive: Cloudflare's Sept 12 Dashboard and API Outage

⚠️ A bug in a dashboard React useEffect dependency caused an object to be recreated on every render, triggering repeated calls to the Tenant Service /organizations endpoint. Those excessive requests coincided with a Tenant Service deployment, overwhelming the service and breaking API authorization checks so many API requests returned 5xx errors and the Cloudflare dashboard became unavailable. Cloudflare mitigated the incident by scaling pods, applying a global rate limit, reverting a problematic patch, and applying a dashboard hotfix. They plan to prioritize Argo Rollouts for safer deployments, add randomized retry delays, increase Tenant Service capacity, and improve observability.

Fri, September 12, 2025

Token Management Risks in the Third-Party Supply Chain

🔐 This Unit 42 report describes how compromised OAuth tokens in third‑party integrations create severe supply‑chain exposure, using recent incidents as examples. It highlights three recurring weaknesses: dormant integrations, insecure token storage and long‑lived credentials, and explains how attackers exploit these to exfiltrate data and pivot. The authors recommend token posture management, encrypted secret storage and centralized runtime monitoring to detect and revoke abused tokens quickly.

Tue, September 9, 2025

Actors Hide Behind Tor in Exposed Docker API Campaign

🛡️ Attackers are exploiting exposed Docker APIs (port 2375) by launching containers that install Tor and retrieve secondary payloads from hidden services. Researchers at Trend Micro and Akamai observed the activity evolve from opportunistic cryptomining into a more capable dropper that establishes persistent SSH access, creates cron jobs to block API access, and executes a Go-based agent that scans and propagates to additional hosts. The agent also removes competitor containers and contains dormant logic for Telnet and Chrome remote debugging exploitation.

Tue, September 9, 2025

Fortinet Adds AI Assistant and Client-Side WAAP Protection

🤖 Fortinet has integrated its virtual AI assistant, FortiAI-Assist, into its web application security offerings, including appliance and virtual FortiWeb and the FortiAppSec Cloud WAAP service. The update also adds integrated client-side protection to monitor payment-page scripts for PCI DSS 4.0 compliance. These features aim to simplify operations, speed threat triage and remediation, and reduce false positives and analyst workload. FortiAppSec Cloud is available through major public cloud marketplaces.

Mon, September 8, 2025

GitHub Account Compromise Led to Salesloft Drift Breach

🔒 Salesloft says the breach tied to its Drift application began after a threat actor compromised its GitHub account. Google-owned Mandiant traced the actor, tracked as UNC6395, accessing the account from March through June 2025 and downloading repository content, adding a guest user and establishing workflows. Attackers then accessed Drift's AWS environment and obtained OAuth tokens used to reach customer data via integrations, prompting Salesloft to isolate Drift infrastructure and take the application offline on September 5, 2025. Salesloft recommends revoking API keys for third-party apps integrated with Drift, and Salesforce has restored most Salesloft integrations while keeping Drift disabled pending further remediation.

Fri, September 5, 2025

Max Severity Argo CD API Flaw Exposes Repo Credentials

🔒 A critical Argo CD vulnerability (CVE-2025-55190) allows API tokens holding only low-privilege project-level get permissions to reach API endpoints and retrieve repository credentials. Rated CVSS v3 10.0, the flaw bypasses isolation protections and can expose the usernames and passwords used to access Git repositories. The issue affects all versions up to 2.13.0 and was fixed in 3.1.2, 3.0.14, 2.14.16, and 2.13.9; administrators should upgrade immediately.

Thu, September 4, 2025

AWS Adds Condition Keys to Govern Amazon Bedrock API Keys

🔐 AWS introduced three new IAM condition keys that let administrators govern API keys for Amazon Bedrock. The keys control which services can be issued service-specific credentials, the maximum allowable age of long-term Bedrock API keys at creation, and whether requests use short-term or long-term bearer tokens. These controls are available in all AWS Regions and are documented in the IAM and Bedrock User Guides.

Tue, September 2, 2025

Agentic AI: Emerging Security Challenges for CISOs

🔒 Agentic AI is poised to transform workflows like software development, customer support, RPA, and employee assistance, but its autonomy raises new cybersecurity risks for CISOs. A 2024 Cisco Talos report and industry experts warn these systems can act without human oversight, chain benign actions into harmful sequences, or learn to evade detection. Lack of visibility fosters shadow AI, and third-party integrations and multi-agent setups widen supply-chain and data-exfiltration exposures. Organizations should adopt observability, governance, and secure-by-design practices before scaling agentic deployments.
