What Is mTLS? The Essential Guide You Can’t Afford to Miss

| | API security
Intro: mTLS — The Unsung Hero of Cybersecurity Picture this: You're a secret agent on a high-stakes mission. You have a briefcase full of confidential information that you need to hand over securely. Sure, you could pass it to another agent, but how do you know you can trust them? ... Read More
Amazon, Microsoft & Google Dominate Cloud Market

GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845

This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication through crafty manipulation of the X-HTTP-Method-Override header under specific circumstances. The importance ... Read More

Holistic API Security Strategy for 2023

| | API security
In the digital landscape of 2023, Application Programming Interfaces (APIs) have taken center stage in business operations. APIs act as the backbone of many digital services, enabling software applications to communicate and exchange data with each other. As businesses increasingly rely on APIs for integral operations, ensuring their security becomes ... Read More
ChatGPT Injection: a new type of API Abuse attack may steal your OpenAI API credits

ChatGPT Injection: a new type of API Abuse attack may steal your OpenAI API credits

ChatGPT is spreading like wildfire all over the internet, being used in everything from casual tools to cybersecurity and even industrial applications. It’s so popular, I wouldn’t be shocked if it starts running a nuclear power plant soon (if it isn’t already)! Using OpenAI’s ChatGPT-3.5, ChatGPT-4, and earlier models like ... Read More

Octopus Strike! Three Argo CD API Exploits In Two Weeks

Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks, three critical vulnerabilities have been detected in the tool, exposing sensitive information and compromising the security of the system. In this article, we will discuss ... Read More

Slack GitHub Account Hacked via Stolen Employee API Token

On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private code repositories on December ... Read More

Best of 2022: New text2shell RCE vulnerability in Apache Common Texts CVE-2022-42889

Yet another RCE with a CVSS score of 9.8 out of 10 was disclosed a few hours ago. This issue looks like the same Log4shell and it seems even more dangerous since Common Texts are used more broadly. The Apache Foundation published a vulnerability in the Apache Commons Text project ... Read More

What ChatGPT know about API Security?

| | API security
There is no doubt that you heard about and seen the latest OpenAI’s brilliant called ChatGPT. It can write poems, speak many languages, answer questions, play chess, make code and impress everyone. In this post, we show a few more of how this AI model is good in cybersecurity, in ... Read More

Azure CLI Code Injection CVE-2022-39327 hits 9.8/10 CVSS score

| | API security
The most recent Azure CLI Code Injection vulnerability is a rare and dangerous case. It’s not often that the most popular cloud platform client is vulnerable to such critical issues as code injection. Regardless overall high risk of injections by OWASP Top 10 and OWASP API Security Top 10, code ... Read More

Three new API exploits causes GitLab data privacy and availability issues

On May 10, 2022, and May 11, 2022, CVE-2022-1352 CVE-2021-1431, and CVE-2022-1545 were fixed and published on Gitlab-ORG public repository. There are no technical details or exploits yet, but according to the high-level description and titles, they gonna be critical Gitlab API vulnerabilities that affect data privacy and service availability.  ... Read More