Wallarm Research Releases Nuclei Template to Counter Threats Targeting LLM Apps
Wallarm Research has just released a powerful new Nuclei template targeting a new kind of exposure: the Model Context Protocol (MCP). This isn’t about legacy devtools or generic JSON-RPC pinging. It’s about the protocol fueling next-gen LLM applications — and it’s already showing up exposed in the wild. What is ... Read More
API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades. But the question now is: How can we flip the script and leverage their power to enhance security? Bybit might just have the answer. Bybit—one ... Read More
Analyzing DeepSeek’s System Prompt: Jailbreaking Generative AI
DeepSeek, a disruptive new AI model from China, has shaken the market, sparking both excitement and controversy. While it has gained attention for its capabilities, it also raises pressing security concerns. Allegations have surfaced about its training data, with claims that it may have leveraged models like OpenAI’s to cut ... Read More
Considerations for Selecting the Best API Authentication Option
Implementing API authentication is one of the most critical stages of API design and development. Properly implemented authentication protects data, user privacy, and other resources while streamlining compliance, preventing fraud, and establishing accountability. In fact, broken authentication is one of the leading causes of API-related breaches. Ultimately, by applying robust ... Read More
Best of 2024: TCP Resets from Client and Server aka TCP-RST-FROM-Client
Diving into the Enigma of TCP Resets Executed by Client and Server The Base Communication Protocol (BCP), understoond as the Transmission Control Protocol (TCP) equivalent, plays a key role in the protocol unit of the internet. Its primary task entails laying a groundwork for communication between two digital entities over ... Read More
AI-Powered APIs: Expanding Capabilities and Attack Surfaces
AI and APIs have a symbiotic relationship. APIs power AI by providing the necessary data and functionality, while AI enhances API security through advanced threat detection and automated responses. In 2023, 83% of Internet traffic traveled through APIs, but there was a 21% increase in API-related vulnerabilities in Q3 2024, ... Read More
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale
In a concerning trend, cybercriminals are leveraging DocuSign's APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard. The ... Read More
How to Mitigate the Latest API Vulnerability in FortiManager
Overview of the FortiManager API Vulnerability Recently, a critical API vulnerability in FortiManager (CVE-2024-47575) was disclosed. Certain threat actors exploited it in the wild to steal sensitive information containing configurations, IP addresses, and credentials used by managed devices. In advanced notification emails, Fortinet warned its users of the vulnerability and ... Read More
Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security
Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password the way of the dodo. Although they don’t get anywhere ... Read More
Deep Dive into the Latest API Security Vulnerabilities in Envoy
Envoy has carved out a critical role in cloud-native computing, becoming increasingly prevalent as the default ingress controller for Kubernetes. This high-performance proxy, developed by Lyft and now part of the Cloud Native Computing Foundation’s arsenal, is integral for companies scaling up their Kubernetes deployments. Envoy ensures efficient load balancing, ... Read More
