How to Protect Your SaaS from Bot Attacks with SafeLine WAF
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Most SaaS teams remember the day their user traffic started growing fast. Few notice the day bots started targeting them
CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. [...]
Marko Elez, a 25-year-old employee at Elon Musk's Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So it should fill all Americans with a deep sense of confidence to learn that Mr. Elez over the weekend inadvertently published a private key that allowed anyone to interact directly with more than four dozen large language models (LLMs) developed by Musk's artificial intelligence company xAI.
Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts
Also: Addressing AI Vulnerabilities and Governance ChallengesDeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes.
OpenAI and Microsoft Reportedly Investigate DeepSeek API AccessThe low-cost miracle of the DeepSeek-R1 model may not in fact be one as accusations surfaced that the Chinese company may have derived its reasoning model from U.S. firm OpenAI. OpenAI and Microsoft are investigating whether DeepSeek stole information from OpenAI through an API.
Kong's API Security Perspectives Report Says Many Teams Unprepared for AI ThreatsDespite 92% of companies securing their APIs, 40% of leaders doubt whether their investments are adequate against AI-driven threats, said Kong's API Security Perspectives Report. Only 13% of organizations in the U.S. and 4% in the U.K. admit to taking no specific measures against AI threats.
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
With so many SaaS applications, a range of configuration options, API capabilities, endless integrations, and app-to-app connections, the SaaS risk possibilities are endless. Critical organizational assets and data are at risk from malicious actors, data breaches, and insider threats, which pose many challenges for security teams
Security Researcher Says Flaw Came From 700 Exposed APIs Belonging to CoxAn independent security researcher discovered a critical flaw in the backend infrastructure of the largest broadband provider in the United States that, if exploited, could have left millions of business customer devices vulnerable to major cyberattacks.
The deal is expected to give the French vendor a larger presence in the application and API security markets, as well as in North America.