API security

Most Recent

WordPress plugin under attack; Bricks Builder bug enables RCE

Laura FrenchFebruary 20, 2024

WordPress site takeover is possible without authentication via the actively exploited vulnerability.

concept of leaky software, data with a tap sticking out.3d illustration

Identity

X alternative Spoutible’s API leaked 2FA seeds, password reset tokens

Laura FrenchFebruary 6, 2024

“Have I Been Pwned?” creator Troy Hunt detailed the leak of more than 207,000 user records.

Cloud Security

Stop chasing shadow IT: Tackle the root causes of cloud breaches

Stu SjouwermanFebruary 6, 2024

Here are the five root causes of cloud breaches and five ways to mitigate them.

API security

AnyDesk forces password reset for customers as 18k credentials go up for sale online

Simon HenderyFebruary 5, 2024

Given the remote access tool’s popularity with some of the world's largest companies, researchers expect hackers will move fast to exploit freshly stolen credentials.

Identity

Microsoft fell victim to OAuth attack it issued warning about

Simon HenderyJanuary 29, 2024

Microsoft said it was also compromised via the same OAuth app abuse it warned about and offers tips to detect and protect.

API security

SonicWall API opens 178k firewalls to attack

Simon HenderyJanuary 16, 2024

More than three-quarters of devices are susceptible to a pair of flaws exposing SonicWall firewalls to DoS and RCE attacks.

API security

Bosch thermostats vulnerable to malware attacks

SC StaffJanuary 15, 2024

Hackread reports that widely used Bosch BCC100 thermostats have been discovered by Bitdefender Labs researchers to be impacted by a vulnerability that could be exploited for malware deployment.