Tag: API Security
Decade Old Authentication Flaw in Python’s Core Infrastructure Patched
The flaw, discovered by DEVCORE researchers, could have redirected Python downloads to malicious servers but was patched within 48 hours…
AI-Powered Fuzzing Pipeline Uncovers $500,000 in Google Bugs
An AI-driven fuzzing pipeline uncovered over $500,000 in bug bounties from Google by exploiting access control failures across roughly 1,500…
Attack on Dashlane Reveals 2FA Weakness in Device Registration Process
Dashlane confirms attackers brute-forced 2FA tokens to download encrypted password vaults from fewer than 20 users, but encrypted data remains…
Annual Pentests Leave Banks Exposed for 345 Days: Real World Gap Revealed
A critical API flaw on a bank's third party mortgage portal exposed data for all institutions on the platform, revealing…
CERT-In Imposes 12 Hour Patching Window for Exposed Systems Due to AI Threats
CERT-In's new 12 hour patching mandate for internet facing systems aims to counter the rising threat of AI driven automated…
Massive Scanning Campaign Targets SonicWall Firewall Interfaces Worldwide
Scanning volume against SonicWall SonicOS API jumped 46 times normal levels on May 12, matching a reconnaissance pattern seen before…
Ghost CMS Flaw Fueling Large Scale ClickFix Social Engineering Campaign
Researchers observed that vulnerable university and tech company sites were used to serve fake Cloudflare prompts that tricked visitors into…
Cisco Secure Workload Flaw Opens Door to Full System Takeover via API
The critical bug in Cisco Secure Workload requires no authentication and grants attackers full Site Admin control via internal REST…