In AI, as with so many advancing technologies, security often lags innovation. The xAI incident, during which a sensitive API key remained exposed for nearly two months, is a stark reminder of this disconnect. Such oversights not only jeopardize proprietary technologies but also highlight systemic vulnerabilities in API management. As more organizations integrate AI into…
Category: API security
API security, Global Security News, Security Bloggers Network
The Ongoing Risks of Hardcoded JWT Keys
In early May 2025, Cisco released software fixes to address a flaw in its IOS XE Software for Wireless LAN Controllers (WLCs). The vulnerability, tracked as CVE-2025-20188, has a CVSS score of 10.0 and could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system – but the real story is that…
AI, AI and ML in Security, AI in Cybersecurity, AI-powered security, API security, Cybersecurity, DSPM, Featured, Global Security News, News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight
Proofpoint Leverages AI to Extend Scope of Cybersecurity Reach
Proofpoint has expanded its ability to thwart multistage cyberattacks spanning multiple communications channels while at the same time extending its reach into data security posture management (DSPM). The post Proofpoint Leverages AI to Extend Scope of Cybersecurity Reach appeared first on Security Boulevard.
agentic ai, api, API security, Featured, Global Security News, rsac, Security, Social - X, Spotlight, wallarm
Wallarm Extends API Security Reach to AI Agents
Wallarm at the 2025 RSA Conference announced that, starting this summer, it will extend the reach of its platform for securing application programming interfaces (APIs) to include artificial intelligence (AI) agents. Tim Erlin, vice president of product for Wallarm, said the Agentic AI Protection capability added to the platform makes it possible to thwart attack…
API security, Application Security, Global Security News, imperva, Schema, Security Bloggers Network, thales
Beyond Schema Enforcement: Imperva’s Approach to Delivering Holistic API Security
API security is gaining attention, yet many organizations struggle to move from identifying risks to mitigating them effectively. In their eagerness to strengthen their security posture, some rush to implement schema protection. However, the dynamic and often incomplete nature of API schemas soon reveals a critical gap; schema enforcement alone is not enough for comprehensive…
API security, Global Security News, Security Bloggers Network
The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access
Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and driving innovation. But these benefits come at a cost. AI agents rely on APIs to access…
API security, Cybersecurity, data breach, Exclusive, Global Security News, Security
API testing firm APIsec exposed customer data during security lapse
The API testing firm took down a database exposed to the internet without a password.
API security, Application Detection and Response (ADR), Application Layer Security, application vulnerabilities, attack chain disruption, Global Security News, incident postmortem, mean time to detect, mean time to respond, MITRE ATT&CK, Security Bloggers Network, Security Operations Center (SOC), SOC incident response, threat prioritization, vulnerabilities
How Contrast ADR Speeds up SOC Incident Response Time | SOC Challenges From Alert Fatigue to Application-Layer Visibility | Contrast Security
Just because you work in a security operations center (SOC) doesn’t mean you have to waste your time chasing dragons. And by “dragons,” we mean the traditional SOC’s difficulty identifying cyberattacks that originate in the black box of the application layer. The post How Contrast ADR Speeds up SOC Incident Response Time | SOC Challenges From…
API security, Global Security News, Security Bloggers Network
AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic
Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes introduces risks that, without proper API security, can compromise sensitive data and decision-making. Challenging the Myth of…
API security, API Security - Analysis, News and Insights, Global Security News, Healthcare, mobile app security, Mobile Health, Security Bloggers Network
HIPAA Security Rule Amendment: Key Public Comments and Next Steps
Major cybersecurity breaches continue to plague the US healthcare industry, and on December 27, 2024, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) to amend the HIPAA Security Rule, titled “The HIPAA Security Rule to Strengthen the Cybersecurity of Electronic Protected Health Information”. Comments were requested and…
API security, Global Security News, Security Bloggers Network
Data Leaks and AI Agents: Why Your APIs Could Be Exposing Sensitive Information
Most organizations are using AI in some way today, whether they know it or not. Some are merely beginning to experiment with it, using tools like chatbots. Others, however, have integrated agentic AI directly into their business procedures and APIs. While both types of organizations are undoubtedly realizing remarkable productivity and efficiency benefits, they may…
API security, API Security - Analysis, News and Insights, Global Security News, Healthcare, mobile app security, Mobile Health, Security Bloggers Network
UK NHS API Flaw Exposes Critical Mobile Security Risks
A recent vulnerability discovered in a UK National Health Service (NHS) API has once again highlighted the risks associated with insecure mobile application programming interfaces (APIs). The flaw reportedly allowed unauthorized access to sensitive patient data, raising serious concerns about the security of healthcare applications. The post UK NHS API Flaw Exposes Critical Mobile Security…
API security, Application Security, Exploits, Global Security News, owasp, Security Bloggers Network, waf, WAF evaluation
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A devastating new remote code execution (RCE) vulnerability, CVE-2025-24813, is now actively exploited in the wild. Attackers need just one PUT API request to take over vulnerable Apache Tomcat servers. The exploit, originally published by a Chinese forum user iSee857, is already available online: CVE-2025-24813 PoC by iSee857. Exploit Breakdown: How a Simple PUT Request…
API security, API Security - Analysis, News and Insights, Fintech, Global Security News, mobile app security, Mobile Finance, Security Bloggers Network
New Mobile App Scanning Tool Created by Approov and CMU Africa
Approov and Carnegie Mellon University Africa’s Upanzi Network have teamed up again to help fintech companies provide more secure services to their customers by creating a new web-based open source tool which scans Android mobile application software for vulnerabilities and security issues and presents a detailed report with recommendations on how to fix any issues…
.net, .net application, API security, Application Detection and Response (ADR), attacks, cross-site scripting, cyberattacks, Global Security News, method tampering, Perimeter defenses, Security Bloggers Network, sql injection, XSS
ADR Report | Application Detection and Response Trends | Contrast Labs
In a startling finding, Contrast Security Application Detection and Response stopped tens of thousands of attacks that made it past perimeter defenses on a single application in mid-January 2025. The post ADR Report | Application Detection and Response Trends | Contrast Labs appeared first on Security Boulevard.
API security, Cloud Security, Cybersecurity, Global Security News, Security Bloggers Network
Stay Relaxed with Top-Notch API Security
Are Businesses Truly Aware of the Importance of Non-Human Identities in Cybersecurity? There’s one critical aspect that’s frequently overlooked: Non-Human Identities (NHIs). These machine identities, composed of Secrets such as tokens, keys, and encrypted passwords, play a pivotal role in maintaining top-notch API security in organizations, keeping their valuable data safe and their operations running…
API security, Global Security News, Security Bloggers Network
AI Security is API Security: What CISOs and CIOs Need to Know
Just when CIOs and CISOs thought they were getting a grip on API security, AI came along and shook things up. In the past few years, a huge number of organizations have adopted AI, realizing innumerable productivity, operational, and efficiency benefits. However, they’re also having to deal with unprecedented API security challenges. Wallarm’s Annual 2025…
API security, Cloud Security, Cybersecurity, Global Security News, Security Bloggers Network
Empowering Teams with Secure API Management
Why is Secure API Management Essential for Team Empowerment? Is API management a critical aspect of your organization’s cybersecurity strategy? It should be. APIs, or Application Programming Interfaces, are the engines that power today’s digital ecosystem. They enable systems to communicate, allowing for streamlined operations and improved productivity. However, incorrectly managed APIs expose businesses to…
API security, Global Security News, Security Bloggers Network
Considerations for Selecting the Best API Authentication Option
Implementing API authentication is one of the most critical stages of API design and development. Properly implemented authentication protects data, user privacy, and other resources while streamlining compliance, preventing fraud, and establishing accountability. In fact, broken authentication is one of the leading causes of API-related breaches. Ultimately, by applying robust authentication mechanisms, organizations can dramatically…
API security, Application Detection and Response (ADR), Application Security, blocked attacks, cyberattacks, Cybersecurity, Global Security News, Log4Shell, Security Bloggers Network, threat detection, Threat Detection and Response, unsafe deserialization, vulnerability, Web Application Firewall (WAF)
Unsafe Deserialization Attacks Surge | December Attack Data | Contrast Security
Attacks on individual applications were down month to month in December 2024, but one of the most dangerous types of attacks was up significantly. That’s according to data Contrast Security publishes monthly about the detection and response of real-world application and application programming interface (API) attacks with Application Detection and Response (ADR). What you’re about…
API security, Cybersecurity, Global Security News, Secrets Security, Security Bloggers Network
Challenges and Solutions in API Security
Are Organizations Fully Grasping the Importance of API Security? It is surprising how often businesses underestimate the importance of Application Programming Interface (API) security while navigating the digital landscape. This concern arises due to the significant rise in API-centric applications. While APIs offer countless benefits, they also pose substantial cybersecurity challenges. So, how well are…
AI Tools, API security, Cybersecurity, Data Security, Featured, Global Security News, News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threats
Exabeam Extends Scope and Reach of SIEM Platform
Exabeam today added a bevy of capabilities to its New-Scale Security Operations Platform, including support for open application programming interface (API) and an ability to search data stored in the LogRhythm security information event management (SIEM) platform it acquired last year. The post Exabeam Extends Scope and Reach of SIEM Platform appeared first on Security…
AI, API security, Application Security, AppSec, GenAI, Global Security News, predictions, Security Bloggers Network, software supply chain attacks
Imperva’s Wildest 2025 AppSec Predictions
Humans are spectacularly bad at predicting the future. Which is why, when someone appears to be able to do it on a regular basis, they are hailed as visionaries, luminaries and celebrated with cool names like Nostradamus and The Amazing Kreskin. Nostradamus made his fame on predictions about the distant future, but that technique has…
API security, Emerging Tech, Global Security News, Non-Human Identity Security, Security Bloggers Network
Innovation in API Security: What’s New
So, What’s the Deal with Recent API Security Innovations? As companies across the spectrum of industries including finance, healthcare, travel, and more intensify their adoption of digital technologies, there’s an undeniable need for robust security measures to protect their assets in the cloud. More than ever, Non-Human Identities (NHIs) and Secrets Security Management are emerging…
API security, Cybersecurity, Featured, Global Security News, News, Security Awareness, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X
CrowdStrike Allies With Salt Security to Improve API Security
CrowdStrike and Salt Security have extended their alliance to make it simpler to feed application programming interface (API) security data directly into a security information event management (SIEM) platform. The post CrowdStrike Allies With Salt Security to Improve API Security appeared first on Security Boulevard.
API attacks, API security, Cloud Security, Cybersecurity, Data Privacy, Data Security, Endpoint, Featured, Global Security News, Hackers, Honeypots, Incident Response, Mobile Security, Network Security, News, Security Boulevard (Original), Social - Facebook, Social - LinkedIn, Social - X, Spotlight, Threat Intelligence, Threats & Breaches
Attackers Can Find New APIs in 29 Seconds: Wallarm
Cybersecurity vendor Wallarm, using a honeypot, found that hackers can discover new APIs in 29 seconds and that APIs are now more targeted than web applications, highlighting the need to put a security focus on the increasingly popular business tools. The post Attackers Can Find New APIs in 29 Seconds: Wallarm appeared first on Security…