According to Salt Security's 2024 State of API Security Report, 80% of API attacks attempt to exploit one or more OWASP API Security Top 10 vulnerabilities. Yet, only 58% of organizations prioritize protection against these well-known threats. This gap leaves many businesses exposed to cyber risks that could have been prevented. Investing in API testing tools helps safeguard your mobile application ecosystem against evolving threats.

On March 20, a relatively unknown user on Breach Forums posted the allegation that Oracle had suffered a data breach. According to published reports, the attacker claimed that 6 million customer records were exfiltrated from Oracle's SSO and LDAP systems. The threat actor behind the post is allegedly offering to sell the data, providing multiple purchasing options based on company name, hashed credentials, and other sensitive information.

AI is reshaping industries, but security teams treat it like traditional software. Unfortunately, the real problem is AI models don’t just have bugs—they have systemic vulnerabilities. Adversarial manipulation, data poisoning, and model inversion aren’t edge cases; they’re real threats attackers are already exploiting. Yet, most security programs lack a structured approach to testing AI risks. Conventional pentesting isn’t enough.

Data poisoning is a sophisticated adversarial attack designed to manipulate the information used in training artificial intelligence (AI) models. By injecting deceptive or corrupt data, attackers can hurt model performance, introduce biases, or even create security vulnerabilities. As AI models increasingly power critical applications in cybersecurity, healthcare, finance, and many other industries, maintaining the integrity of their training data is absolutely critical.

Security leaders in the life sciences and health technology fields know how important it is to safeguard sensitive data like protected health information (PHI), personally identifiable information (PII), and confidential research data. They also know what’s at stake with a security breach or data exfiltration event. But what’s not always clear is how to find the right solution to keep all that data safe.

On March 20, 2025, a threat actor known as Rose87168 posted on the dark web, claiming to be selling breached Oracle Cloud Traditional servers along with approximately 6 million exfiltrated user records. The hacker did not mention the price for the stolen data. He alleged that critical information, including SSO (Single Sign-On) and LDAP credentials, Java Keystore (JKS) files, passwords, and authentication keys, was stolen from Oracle’s login infrastructure.

Go beyond GitHub's scope. Understand the full picture of your secret leaks with GitGuardian, covering public and internal exposures.