Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Attackers Don't Need to Breach Your API - They'll Breach the Tools That Touch It

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact.

Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI

Agentic AI is fundamentally changing the security landscape, transforming how we think about API protection. In this insightful discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto dive deep into the challenges presented by this new wave of automation and API consumers.

Your SaaS Integrations are Leaking Sensitive Data - Salesloft/Salesforce incident #aws #apisecurity

The Salesloft/Salesforce incident revealed the danger of BLA 5: Artifact Lifetime Exploitation. The flaw is simple: the application fails to expire tokens and sessions properly. Stolen OAuth tokens that should have been short-lived were used to steal AWS keys, Snowflake tokens, and passwords. Key Takeaway: If an artifact is meant to be short-lived (a token, a session, a temporary file), it must be retired immediately upon expiration. Rotate your keys aggressively!

Say Hello to Ask Pepper AI: Turning API Security into a Conversation

In the world of cybersecurity, we have a "data" problem. We have more of it than ever before, more logs, more alerts, and definitely more APIs. But recently, this challenge has compounded. The rise of Agentic AI and Model Context Protocols (MCPs) has exploded the number of machine-to-machine connections in our environments. These agents spin up new pathways and access data in ways that are often invisible to traditional monitoring.

Why Java Is a Powerhouse for Web APIs: Benefits for Scalable, Secure, and Smart Backend Development?

Discover the top benefits of using Java for web APIs, including high performance, scalability, and robust security. Ideal for enterprise-level backend development and cloud deployments.

Optus Breach Lessons: Top 10 API Security Takeaways

In September 2022, Australia woke up to the largest data breach in its history. Optus, the country’s second-largest telecom, disclosed that the personal information of nearly 10 million people had been exposed. To put that in perspective, that’s almost 40% of the entire population. Among the data spilled were 2.1 million government-issued IDs – passports, driver’s licenses, Medicare cards – the kind of information that isn’t just sensitive, but life-defining.

Bug Bounty Programs (2025) | Definition, Platforms & Costs

“Tech giants pay hackers millions to hack them – on purpose.” What once sounded like a risky experiment has now become standard practice in cybersecurity. Bug bounty programs have moved from the fringes into the mainstream because traditional defenses alone can’t keep up with today’s scale and sophistication of attacks.

Hackers Skipped the Payment Step: BLA 4 is Pure Logic Evasion #transitionvalidation #businesslogic

Missing Transition Validation (BLA 4) is a subtle but devastating threat. It exploits the sequence of steps in your application's workflow. The flaw? Your application fails to check that Step 2 (Payment) occurred before allowing access to Step 3 (Confirmation). The attacker simply draws a line straight to the goal! This attack is: Difficult to Detect: It uses valid requests in an invalid sequence. Tightly Coupled: It's unique to your application's specific logic. You need deep, sequence-aware runtime protection.

Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

The conversation about AI security has shifted. For the past year, the focus has been on the model itself: poisoning data, prompt injection, and protecting intellectual property. These are critical concerns, but they miss the bigger picture of how AI is actually being operationalized in the enterprise. We are entering the era of Agentic AI. AI is no longer just generating text; it is taking action. Autonomous agents read customer tickets, query databases, update financial records, and trigger workflows.