Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What is API Security Testing? API security testing is a process of carefully evaluating API endpoints to identify and remediate vulnerabilities such as fuzzy input, parameter tampering, or injection attacks. Acting as the first line of defense, it meticulously examines endpoints to identify and neutralize vulnerabilities before attackers can exploit them.

In the age of digital-first businesses, every other software solution either uses an API (Application Programming Interface) or makes one. They enable various applications and services to work together, enabling businesses to improve features, streamline user experience, and provide new exciting offerings. Unfortunately, the more APIs we collect and interact with, the more security challenges increase.

One famous case of a major telecom player involved 10 million customer accounts being breached, and days later, an extortion demand for $1 million pounds cash was also made. The weak link? A forgotten ‘Zombie API.’

A new Cross-Site Request Forgery (CSRF) vulnerability has been discovered in PowerAdmin. This vulnerability poses a significant risk, potentially compromising user data and disrupting the designated functionality across roles.

Modern software is built on the backs of APIs (Application Programming Interface). It unites separate bits of the web, allowing systems to communicate with each other. With APIs being used on such a wide scale, managing them becomes a mammoth task.

Two vulnerabilities—stored XSS and insecure file upload— have been detected in the Alpha 0.5 version of CervantesSec. This article will outline what CervantesSec does, the vulnerabilities found, and its current status.

Cybersecurity is the most crucial curve in today’s rapidly evolving digital landscape, and all organizations of any size need to be at the forefront of it. With AI becoming mainstream, new emerging trends shape the cybersecurity industry daily.

Recently, Qualys identified a new remote unauthenticated Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, nicknamed regreSSHion (CVE-2024-6387).

Cyber threats are getting more sophisticated and frequent. As a result, organizations are always looking for ways to outsmart cybercriminals. This is where artificial intelligence (AI) comes in handy. Artificial intelligence (AI) is transforming the cybersecurity landscape by offering faster, more precise, and more efficient means of identifying cyber threats.

Polyfill.js is a Javascript library that helps old browsers run new modern features which these old browsers do not support natively. The library is popular among developers for helping them offer consistent user experience regardless of the browser environment the user is using. In February 2024, a Chinese company bought the domain polyfill.io and the Github account associated with it. Since then, they’ve been serving malware via cdn.polyfill.io as pointed by the team at Sansec.