Lucene search

89 matches found

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2024-44152

Malicious code in bioql PyPI...

6.5 CVSS | 6.4 AI score | 0.00768 EPSS
Exploits: 0 | References: 1

IBM Security Bulletins
added 2025/08/11 10:6 p.m., 7 views

Security Bulletin: Astronomer with IBM is vulnerable to API abuse due to the NATS-Server package (CVE-2025-30215)

Summary NATS-Server is used by Astronomer with IBM as part of the messaging functionality. Vulnerability Details CVEID:CVE-2025-30215 DESCRIPTION: NATS-Server is a High-Performance server for NATS.io, the cloud and edge native messaging system. In versions starting from 2.2.0 but prior to 2.10.27...

9.6 CVSS | 6.9 AI score | 0.00529 EPSS
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/05/22 8:38 a.m., 7 views

CVE-2019-3666

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor WA prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site...

6.5 CVSS | 7 AI score | 0.01524 EPSS
Exploits: 0 | References: 1

HackRead
added 2025/05/21 9:5 p.m., 34 views

Threat Actor Selling 1.2 Billion Facebook Records, But Details Don’t Add Up

Threat actor 'ByteBreaker' claims to sell 1.2B Facebook records scraped via API abuse, but inconsistencies in data size and identity raise doubts...

7.3 AI score
Exploits: 0

OSV
added 2025/05/21 5:15 p.m., 3 views

CVE-2025-20257

A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Th...

6.5 CVSS | 5.8 AI score | 0.00277 EPSS
Exploits: 0 | References: 1

HackRead
added 2025/04/09 4:17 p.m., 12 views

New AkiraBot Abuses OpenAI API to Spam Website Contact Forms

Cybersecurity researchers have identified a new spam campaign driven by 'AkiraBot,' an AI-powered bot that targets small business…...

7.3 AI score
Exploits: 0

OSV
added 2025/03/17 6:15 a.m., 2 views

CVE-2025-2395

The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator...

9.8 CVSS | 5.9 AI score | 0.00545 EPSS
Exploits: 0 | References: 2

Wallarm Lab
added 2024/11/27 1:6 p.m., 12 views

How Is API Abuse Different from Web Application Attacks by Bots?

API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...

7.7 AI score
Exploits: 0

Akamai Blog
added 2024/11/13 11:30 a.m., 8 views

Study Reveals Security Teams Feel the Impact of Rising API Threats

API abuse is increasing at an alarming rate. Read this post to learn the four areas of focus for organizations that are seeking to protect their APIs...

7.3 AI score
Exploits: 0

Wallarm Lab
added 2024/11/12 7:9 p.m., 5 views

Context is King: Using API Sessions for Security Context

There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities has pushed API security to the top of CISO’s lists. The tools in the market for API security still have room for improvement, of course. One of...

7.3 AI score
Exploits: 0

Wallarm Lab
added 2024/11/04 1:45 p.m., 13 views

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

In a concerning trend, cybercriminals are leveraging DocuSign's APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/09/01 12:0 a.m., 465 views

Wordpress XML-RPC System.multicall Credential Collector

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require 'metasploit/framework/loginscanner/wordpressmulticall' class MetasploitModule 'Wordpress XML-RPC...

7.4 AI score
Exploits: 0

Wallarm Lab
added 2024/05/20 2:44 p.m., 36 views

Dell Data Breach: Personal Information of 49 Million Customers Compromised due to latest API Abuse

Dell recently issued a notice regarding a data breach that occurred on May 9, which has reportedly affected over 49 million customers across the globe. According to a report by BleepingComputer, Dell initiated the distribution of notifications cautioning its customers that their personally...

10 CVSS | 7.8 AI score | 0.99999 EPSS
Exploits: 47

OSV
added 2024/05/14 3:44 p.m., 0 views

UBUNTU-CVE-2024-4539

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

6.5 CVSS | 5.7 AI score | 0.00768 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2024/05/09 1:38 a.m., 32 views

CVE-2024-4539

Removed by vendor...

6.5 CVSS | 5.8 AI score | 0.00768 EPSS
Exploits: 0

CVE
added 2024/05/09 1:38 a.m., 394 views

CVE-2024-4539

GitLab CE/EE (versions 15.4–16.9.7, 16.10–16.10.5, 16.11–16.11.2) is affected by CVE-2024-4539 where abusing the API to filter branches and tags could cause a Denial of Service. Root cause: improper API filtering logic allows resource abuse. Impact: DoS with network access and low attacker privil...

6.5 CVSS | 6.2 AI score | 0.00768 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/09 1:38 a.m., 42 views

CVE-2024-4539 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

4.3 CVSS | 4.8 AI score | 0.00768 EPSS
Exploits: 0 | References: 1

CVE
added 2024/04/08 8:9 a.m., 90 views

CVE-2024-23189

CVE-2024-23189 concerns Open-Xchange App Suite. A vulnerability arises from embedded content references in tasks that can temporarily execute script code in a user’s browser session. Exploitation would require user interaction or social engineering to import external content, and could enable mal...

5.4 CVSS | 6.8 AI score | 0.00531 EPSS
Exploits: 0 | References: 5

Wallarm Lab
added 2024/01/11 6:41 a.m., 16 views

Wallarm Named a Leader in GigaOm Radar for API Security

I am thrilled to share that Wallarm has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...

6.9 AI score
Exploits: 0

OSV
added 2023/12/20 12:0 a.m., 0 views

UBUNTU-CVE-2023-6866

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...

8.8 CVSS | 7.2 AI score | 0.00681 EPSS
Exploits: 0 | References: 6