This week, we cover the promise and pitfalls of using AI for API security, along with newly discovered vulnerabilities in Web Application Firewalls and emerging Vibe Coding platforms. We explore strategies for building APIs optimized for AI integration, and highlight a critical vulnerability in a popular API development framework that developers should be aware of. […]
This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How […]
This week, our theme is “how secure is your API security?”. We highlight two recent attacks targeting major financial platforms, along with a new industry survey that exposes significant gaps in API security practices. We also explore technical deep-dives into vulnerabilities such as JWT flaws and host header injection attacks. Plus, we share details on […]
This week, the theme is API authorization gone wrong. Guest contributor Rob Spectre kicks off a new interview series exploring real-world authorization failures. We also dive into case studies with key lessons for API security teams, including a look at the missteps that led to a £2.3M fine for 23andMe, and data exposure from the […]
This week, we dive into an unusual case of humans spoofing AI. We also examine three real-world API incidents of OWASP API Security Top 10 vulnerabilities. Plus, we share insights from a new industry report on rising API attack trends and explore how GitHub’s MCP vulnerability may signal a new set of authorization challenges to […]
This week, we’re sharing five API vulnerability incidents that provide valuable insights into how APIs are commonly hacked and how to prevent these same vulnerabilities in your APIs. These incidents include the exposure of vehicle owner data from Volkswagen’s mobile app, enumeration vulnerabilities in Instagram and Tiktok APIs, an in-depth look at expression language injection […]
This week, we look at a sharp rise in API security incidents across Asia-Pacific, and a critical API vulnerability in the dating app Raw. We also explore two credential-related incidents: one involving leaked OAuth credentials, and another highlighting the risks from long-lived API keys. Finally, a deep dive into the growing problem of API sprawl […]
This week, the theme is AI, with articles on securing APIs against agentic misuse and preventing unintended behaviors. We cover two critical vulnerabilities in AI platforms Langflow and Dify, both caused by API security flaws, and highlight a major data leak due to unauthenticated internal APIs. Finally, we look at an engaging conversation around using […]
This week, we have an interesting article on the dangers of API integrations in the education sector, and we cover recent incidents involving API vulnerabilities in two popular security platforms from Trellix and Aviatrix. We highlight a recent article by NordicAPIs on API misconfiguration vulnerabilities, and we share a useful list of recommended coding practices […]
This week, we examine three recent API security incidents, uncovering valuable lessons to help you protect your APIs. We also highlight key insights from Jetbrains’ comprehensive developer survey, and explore an article on how teams inadvertently leak API keys and tokens through their Postman workspaces and what you can do about it. Breach: Black-listing fails […]
This week, we investigate a recent flaw in WhatsApp’s View Once privacy feature and also critical vulnerabilities reported in the IBM WebMethods integration platform. We highlight a NordicAPIs article on the risks from third-party API and LLMs, and an article on solving the challenges of fine-grained access control for APIs. There’s also an interesting webinar […]
This week, we have news of a critical flaw with a popular API portal. We also have guides on securing GraphQL APIs and building bulletproof APIs and news of a new deliberately vulnerable API application. We also have an article on why fraud detection and API security must converge. Dana Epp wraps things up with […]
Copyright 2018-2025 42Crunch Ltd, All Rights Reserved.