Why AI Agents Make API Security a CISO Priority
AI agents are not a future concern. They are already changing how enterprise systems are accessed, automated, and abused. And the security implication is clear: the more autonomous systems rely on APIs, the more important it becomes to know exactly which APIs exist, how they are being used, and...
EUVD-2026-25563
In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causin...
CVE-2026-25043
Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...
Improper Verification of Cryptographic Signature
Overview: altcha is the ALTCHA Python Library, a lightweight, zero-dependency library designed for creating and verifying ALTCHA challenges, specifically tailored for Python applications. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via t...
FreeBSD : PostgreSQL -- vulnerabilities (fc048b51-7909-11f0-90a2-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fc048b51-7909-11f0-90a2-6cc21735f730 advisory. PostgreSQL project reports: Tighten security checks in planner estimation functions. Prevent...
CVE-2022-1663
The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request...
CLSA-2024-1728477985 Fix CVE(s): CVE-2023-31315
New microcode update packages from AMD upstream up to 2024-08-11: - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10ver:0x0A00107A, cpuid:0x00A10F12ver:0x0A101248, cpuid:0x00AA0F02ver:0x0AA00215, cpuid:0x00A00F12ver:0x0A001238, cpuid:0x00A10F11ver:0x0A101148,...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, is invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
Wallarm Named a Leader in GigaOm Radar for API Security
I am thrilled to share that Wallarm has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...
Can ChatGPT be used to attack your APIs? | API Security Newsletter
The winter solstice is fast approaching, along with the end-of-year holidays - before we know it, it'll be 2023 already! And with the fall behind us, our hive has been busy putting the finishing touches on many new and improved capabilities – such as weak JWT detection, API Abuse Prevention, API...
Abuse and Fraud Prevention's Co-Created Future — Predictions for 2022 and Beyond
Explore some of the Akamai Abuse and Fraud Prevention team’s predictions for the future of abuse and fraud protection in 2022 and beyond...
Slack hurries to fix direct message flaw that allowed harassment
The enormous work messaging platform Slack quickly reversed course yesterday, promising to revise a brand-new direct message feature that could have been misused for harassment. Added to the company’s “Slack Connect” product—which lets enterprise users share messages with contract workers and...
Zoom Will Be End-to-End Encrypted for All Users
Zoom is doing the right thing: it's making end-to-end encryption available to all users, paid and unpaid. This is a change; I wrote about the initial decision here. ...we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our...