Why APIs Are the #1 Target for Modern Cyber Attacks
Forget zero-days. Attackers now focus on API logic flaws like BOLA and IDOR to steal data using legitimate requests.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Debunking API Security Myths
Unpacking Myths, Revealing Truths, Securing APIs APIs are the lifeline of digital innovation, connecting systems and enabling seamless user experiences. But with great power comes great risk. There’s a lot of misinformation out there about API security that could leave your business vulnerable if followed.
CISO Spotlight: Mike Wilkes on Building Resilience in an Evolving Threat Landscape
Mike Wilkes has had a career many cybersecurity professionals could only dream of. An adjunct professor, former CISO of Marvel and MLS, member of the World Economic Forum, drummer, and board member at the National Jazz Museum in Harlem, his interests and achievements are as eclectic as they are impressive.
Attackers Abuse TikTok and Instagram APIs
It must be the season for API security incidents. Hot on the heels of a developer leaking an API key for private Tesla and SpaceX LLMs, researchers have now discovered a set of tools for validating account information via API abuse, leveraging undocumented TikTok and Instagram APIs. The tools, and assumed exploitation, involve malicious Python packages - checker-SaGaF, stein lurks, and inner core - uploaded to PyPI.
The Future of AI Security Architecture | Wallarm 2025 Report #AIsecurity #Cybersecurity
Modern AI security must be layered: protections inside the agent, at the API level, and within infrastructure.
Mapping the Future of AI Security
AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts of data and plays an increasingly important role in operations; should cybercriminals abuse it, the consequences can be dire.
Prompt Injection: New Attack Vector for AI Systems | Wallarm Report #Cybersecurity #AIsecurity
You don't need direct access to an AI model to manipulate it. Third-party content like resumes or metadata can inject malicious prompts.
Jailbreaking AI: Hacking 2.0 | Wallarm 2025 API Security Report
Jailbreaking AI is modern hacking — tricking the system into behaving in unintended ways. It’s like truth serum for AI.
Developer Leaks API Key for Private Tesla, SpaceX LLMs
In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into their operations, ensuring robust API security has never been more critical.
Rethinking API and AI Security in the AI Era | Wallarm 2025 Report #Cybersecurity #APISecurity
Legacy tools like WAFs and API gateways weren't built for AI threats like prompt injections. Security must evolve.
The Ongoing Risks of Hardcoded JWT Keys
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system – but the real story is that this vulnerability drives home the persistent risks associated with hardcoded credentials, particularly JSON Web Tokens (JWTs), in network infrastructure components.
The Most Dangerous Risk: Data Access in Agentic AI | Wallarm Report
Agentic AI greatly expands the attack surface: more platforms, more APIs, and more ways for attackers to access sensitive data.
Addressing API Security with NIST SP 800-228
APIs are quickly becoming the primary attack surface targeted by cyber criminals. The rise of generative AI systems, which run on APIs, has driven a dramatic increase in the number of APIs in use. How can you ensure your existing APIs and growing AI deployments remain secure, compliant, and resilient? NIST has now released an initial public draft of SP 800-228: Guidelines for API Protection for Cloud-Native Systems.
API Threat Trends: How Attackers Are Exploiting Business Logic
As businesses rely more on APIs, attackers are quick to turn that trust into opportunity. Among the most dangerous and difficult-to-detect threats are business logic exploits, which let cybercriminals manipulate legitimate functionality to gain unauthorized access, exfiltrate data, or disrupt operations. These attacks often slip past traditional defenses unnoticed, making them a growing concern for security teams.
AI + OWASP: Same Threats, New Surface | Wallarm 2025 API Security Report #APIsecurity #OWASP
There’s near-perfect overlap between the OWASP API Top 10 and LLM Top 10. The threats haven’t changed — only the surface they attack.
AI Vulnerabilities Are API Vulnerabilities #APIsecurity #AIsecurity #Cybersecurity
In 2024, 98.9% of AI-related CVEs were also API-related. As AI adoption grows, the attack surface explodes. API security and AI security are now inseparable. Learn more in the 2025 API Security Report.