Developers may be exposed to supply chain risks as a result of novel timing attacks uncovered against the registry API of the npm package…
API
Chromium’s prototype pollution bug disregarded the Sanitizer API
The problem illustrates difficulties in blocking client-side assaults. An attack-bypassing Sanitizer API, a built-in browser library for eliminating potentially harmful code from user-controlled input…
Broken access controls and injection attacks are the major issues in API security for business security in 2022
In Q1 2022, Spring4Shell and Veeam RCE exploits were at the top of the list. Access control weaknesses are now connected to high-severity CVEs,…
GoTestWAF Expands API Attack Testing With Support For OpenAPI
Attendees at Black Hat USA have learned that the popular open-source hacking tool GoTestWAF has developed into the first utility of its kind to…
More Than 3,200 Apps Leak Twitter API Keys, Some of Which Enable Account Takeover
Researchers in cybersecurity have found 3,207 mobile apps that expose Twitter API keys to the public, potentially allowing a threat actor to hijack users’…
GETTR user details and email IDs leaked by API security snafu
A programmer has released non-public data from GETTR, another online media platform launched recently by individuals from Donald Trump’s group. The information was gathered…
Cobalt Strike Usage By Threat Actors Rapidly Boomed; Proofpoint
The latest research conducted by Proofpoint shows that adversaries are increasingly using Cobalt Strike, which is a legitimate software tool…
Chinese Hackers Used Anthropic’s AI to Launch an Automated Attack
Over the weekend, Anthropic released a report in which it claimed a Chinese state-sponsored group used its own Claude AI tool to automate key…
Developers Hit by Malicious NPM Packages Stealing Credentials
Security researchers have identified a set of malicious npm packages that were quietly stealing credentials, tokens, and browser data from all major operating systems, including…
Sourcegraph Falls Victim to Security Breach Through Exposed Admin Token
This week, Sourcegraph, the AI-driven coding platform, disclosed a security breach incident involving unauthorized access to their website. On August 28th, an attacker exploited…