This week, in our final 2025 issue of APISecurity.io, we look back at the five most frequent API vulnerabilities covered in the newsletter over the past 12 months. These issues highlight common mistakes teams make in API development and can help to spotlight where security efforts can deliver the biggest opportunity to reduce risk. I’d […]
This week, we’re sharing some AI-related security news, with several reports highlighting vulnerabilities in trusted AI platforms. We also review a blog post claiming an API BOLA vulnerability at Mercury Energy New Zealand and cover a recent interview exploring a range of API security topics. First up though, news of a new OWASP Top 10 list […]
This week, our theme is API authorization vulnerabilities. We cover critical issues discovered in the WSO2 API Manager and the Better-Auth plugin, share an eye-opening BOPLA vulnerability in a Formula 1 registration API, and examine familiar API security flaws appearing more often in industrial devices. We also highlight a recent interview with former CISA director […]
This week: we share a report about OneLogin suffering an API data leak, we also have Cloudflare’s postmortem on an accidental API DoS. We look at researcher Dirk-jan Mollema’s disclosure of a critical Entra ID vulnerability, also incidents of mass assignment and excessive data exposure in Rancher and Apache Airflow APIs, and finally Nokia platforms […]
This week, we examine an industry report uncovering critical API vulnerabilities in solar power devices, and a recent case of API directory traversal flaws affecting LG Smart TVs. We also look at common weaknesses in the APIs for password-reset services, and finally review insights from the latest Stack Overflow Developer Survey on what developers are […]
This week, we cover the promise and pitfalls of using AI for API security, along with newly discovered vulnerabilities in Web Application Firewalls and emerging Vibe Coding platforms. We explore strategies for building APIs optimized for AI integration, and highlight a critical vulnerability in a popular API development framework that developers should be aware of. […]
This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How […]
This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on […]
This week, the theme is API authorization gone wrong. Guest contributor Rob Spectre kicks off a new interview series exploring real-world authorization failures. We also dive into case studies with key lessons for API security teams, including a look at the missteps that led to a £2.3M fine for 23andMe, and data exposure from the […]
This week, we dive into an unusual case of humans spoofing AI. We also examine three real-world API incidents of OWASP API Security Top 10 vulnerabilities. Plus, we share insights from a new industry report on rising API attack trends and explore how GitHub’s MCP vulnerability may signal a new set of authorization challenges to […]
This week, we’re sharing five API vulnerability incidents that provide valuable insights into how APIs are commonly hacked and how to prevent these same vulnerabilities in your APIs. These incidents include the exposure of vehicle owner data from Volkswagen’s mobile app, enumeration vulnerabilities in Instagram and Tiktok APIs, an in-depth look at expression language injection […]
This week, we look at a sharp rise in API security incidents across Asia-Pacific, and a critical API vulnerability in the dating app Raw. We also explore two credential-related incidents: one involving leaked OAuth credentials, and another highlighting the risks from long-lived API keys. Finally, a deep dive into the growing problem of API sprawl […]
This week, the theme is AI, with articles on securing APIs against agentic misuse and preventing unintended behaviors. We cover two critical vulnerabilities in AI platforms Langflow and Dify, both caused by API security flaws, and highlight a major data leak due to unauthenticated internal APIs. Finally, we look at an engaging conversation around using […]
This week, we have an interesting article on the dangers of API integrations in the education sector, and we cover recent incidents involving API vulnerabilities in two popular security platforms from Trellix and Aviatrix. We highlight a recent article by NordicAPIs on API misconfiguration vulnerabilities, and we share a useful list of recommended coding practices […]
This week, we examine three recent API security incidents, uncovering valuable lessons to help you protect your APIs. We also highlight key insights from Jetbrains’ comprehensive developer survey, and explore an article on how teams inadvertently leak API keys and tokens through their Postman workspaces and what you can do about it. Breach: Black-listing fails […]
This week, we investigate a recent flaw in WhatsApp’s View Once privacy feature and also critical vulnerabilities reported in the IBM WebMethods integration platform. We highlight a NordicAPIs article on the risks from third-party API and LLMs, and an article on solving the challenges of fine-grained access control for APIs. There’s also an interesting webinar […]
This week, we have news of a critical flaw with a popular API portal. We also have guides on securing GraphQL APIs and building bulletproof APIs and news of a new deliberately vulnerable API application. We also have an article on why fraud detection and API security must converge. Dana Epp wraps things up with […]
Copyright 2018-2025 42Crunch Ltd, All Rights Reserved.