Issue 281: OneLogin leaks secrets, Cloudflare API DoS, Entra ID flaw, OWASP BOPLA bugs

This week: we share a report about OneLogin suffering an API data leak, along with Cloudflare’s postmortem on an accidental API DoS. We look at researcher Dirk-jan Mollema’s disclosure of a critical Entra ID vulnerability, incidents of mass assignment and excessive data exposure in Rancher and Apache Airflow APIs, and finally Nokia platforms […]

Issue 280: Solar device ATO attacks, Smart TVs & Dumb APIs, Password-reset & API bugs, 2025 Developer Survey

This week, we examine an industry report uncovering critical API vulnerabilities in solar power devices, and a recent case of API directory traversal flaws affecting LG Smart TVs. We also look at common weaknesses in the APIs for password-reset services, and finally review insights from the latest Stack Overflow Developer Survey on what developers are […]

Issue 277: Hacking WAFs, AI benefits and risks, AI-ready with OpenAPI, Developers exposed

This week, we cover the promise and pitfalls of using AI for API security, along with newly discovered vulnerabilities in Web Application Firewalls and emerging Vibe Coding platforms. We explore strategies for building APIs optimized for AI integration, and highlight a critical vulnerability in a popular API development framework that developers should be aware of. […]

Issue 276: API discovery hype, BOLA at McDonald’s, Cisco APIs exploited, input validation best practices

This week, we’re sharing two articles focused on input validation best practices, exploring how weak validation can leave APIs exposed. We also take a closer look at some recent claims about API discovery that risk distracting from real security issues, plus a review of recent API security incidents reported at McDonald’s and Cisco. Article: How […]

Issue 272: Volkswagen API hacked, API flaws in Instagram & TikTok, ELi attacks, Radware & Cisco API vulnerabilities

This week, we’re sharing five API vulnerability incidents that provide valuable insights into how APIs are commonly hacked and how to prevent these same vulnerabilities in your APIs. These incidents include the exposure of vehicle owner data from Volkswagen’s mobile app, enumeration vulnerabilities in the Instagram and TikTok APIs, an in-depth look at expression language injection […]

Issue 259: API flaw exposes 4 million WordPress sites, API error handling bugs, a case for API First

This week, we focus on the topic of API error handling and how a REST API exposed 4 million WordPress websites to account takeover attacks. We also cover the risks and best practices for designing API error responses, and we look at an article that makes a great case for API-First. Vulnerability: 4,000,000 WordPress sites […]