%term

The Missing Link in OWASP is Found: Business Logic Abuse#owasp #owasptop10 #businesslogic

Nov 25, 2025 By Wallarm In Wallarm

For years, security lists focused on technology (Cloud , Mobile , Serverless ). We desperately needed a list that focused on the core problem: flawed application logic, regardless of the stack. The OWASP Top 10 Business Logic Abuse (BLA) list fills that critical, architectural gap. Why? Because exploitation often happens between technologies, not within them. We must be able to categorize and talk about these intricate logic threats in a technology-agnostic way.

View Video

Wallarm

Read more about The Missing Link in OWASP is Found: Business Logic Abuse#owasp #owasptop10 #businesslogic

Solving Al Agent Sprawl: API Governance Across Multi Gateway Environments

Nov 24, 2025 By Salt Security In Salt Security

As organizations accelerate adoption of AI agents, autonomous workflows powered by LLMs and MCP servers are rapidly proliferating across internal systems, partner networks, cloud environments, and API gateways. The result? A sprawling, often invisible attack surface: shadow APIs, duplicate endpoints, context drift, unmanaged agent access, inconsistent policies, and risk of data exposure or compliance failures.

View Video

Salt Security

API
Security

Read more about Solving Al Agent Sprawl: API Governance Across Multi Gateway Environments

Secure your APIs at the edge with Datadog App and API Protection

Nov 21, 2025 By Flavien Darche In Datadog

Modern applications are constantly exposed to various malicious activities, including credential stuffing, API abuse, and advanced injection attacks. Many of these threats can be stopped at the network edge, before they ever reach your application. That’s why Datadog App and API Protection offers real-time threat detection and blocking for popular edge proxies and load balancers, which include integrations for Envoy, Istio, NGINX, and Google Cloud Load Balancers (using Google Service Extensions).

Read Post

Datadog

Read more about Secure your APIs at the edge with Datadog App and API Protection

Stateless vs. Stateful: The Difference in Cyber Attacks #StatefulAttack #businesslogic #apisecurity

Nov 20, 2025 By Wallarm In Wallarm

The Hacker is Having a Conversation with Your API. There are two kinds of attacks you MUST understand: Stateless (Brute Force): One-and-done, instant gratification. Think SQL Injection. Stateful (Sophisticated): A persistent conversation over time. This is the signature of Business Logic Abuse. Why does this matter? Stateful attacks are executed by sophisticated threat actors who have done their due diligence on your architecture. You must evolve your defenses to monitor the entire session, not just single requests!

View Video

Wallarm

Read more about Stateless vs. Stateful: The Difference in Cyber Attacks #StatefulAttack #businesslogic #apisecurity

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Nov 19, 2025 By SquareX

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API.

Read Post

Read more about Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

APIs Are the Retail Engine: How to Secure Them This Black Friday

Nov 19, 2025 By Wallarm In Wallarm

Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on which the business runs?

Read Post

Wallarm

Read more about APIs Are the Retail Engine: How to Secure Them This Black Friday

When your AI Assistant Becomes the Attacker's Command-and-Control

Nov 19, 2025 By Wallarm In Wallarm

Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.

Read Post

Wallarm

Read more about When your AI Assistant Becomes the Attacker's Command-and-Control

Hacked Architecture, Not Code: What is a Business Logic Attack? #businesslogic #cybersecurity

Nov 18, 2025 By Wallarm In Wallarm

Why do hackers ignore your firewalls and clean code? Because they exploit your business logic and application architecture. A Business Logic Attack (BLA) is a sophisticated manipulation that uses your own system's design against you. Learn the key difference between code flaws and architectural exploits.

View Video

Wallarm

Read more about Hacked Architecture, Not Code: What is a Business Logic Attack? #businesslogic #cybersecurity

From Cloud to Code: Salt Cloud Connect Now Scans GitHub

Nov 18, 2025 By Eric Schwake In Salt Security

One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their APIs across AWS, Azure, GCP, Kong, and Mulesoft. This “ease of use” provides a “wow” moment of immediate visibility.

Read Post