Security news aggregator

Latest coverage for API

"Explore the latest in InfoSec with our Security Tag API, your gateway to up-to-date cyber security trends, tips, and expert insights. Stay secure!"

552 headlines in this view

An API, or Application Programming Interface, is a set of rules and protocols for building and interacting with software applications. APIs enable different software systems to communicate with each other, allowing them to exchange data and functionality easily and securely.In the context of information security, APIs play a critical role as they often serve as the gateways to an organization's core systems and data. They can be public, private, or internal, each with different security considerations. A public API is exposed to the outside world and is especially vulnerable to attacks, whereas a private or internal API might only be accessible within a company's network, which offers additional layers of security.Securing APIs involves ensuring that only authorized parties can access them and that the data they transmit is protected both in transit and at rest. This includes implementing proper authentication mechanisms, such as API keys, OAuth tokens, or JWTs (JSON Web Tokens), and ensuring encryption standards like SSL/TLS are in place to safeguard data integrity and confidentiality.As APIs continue to proliferate with the expansion of cloud services, IoT devices, and mobile applications, the importance of API security in protecting sensitive information and critical infrastructure has never been more paramount. This involves regular testing, monitoring for unusual activity, and staying updated with the latest security patches and practices.

Showing 20 most recent headlines of 552 Filtered view

Bank Info Security 5 days, 1 hour ago

When Agentic AI Exposes Hidden Enterprise APIs

More from Bank Info Security 30 May 2026, 9:30 a.m. API Artificial Intelligence

Bleeping Computer 1 week, 1 day ago

How Varonis Atlas integrates Claude Compliance API for AI governance

AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. [...]

More from Bleeping Computer 27 May 2026, 2:01 a.m. API Artificial Intelligence Compliance Tools

The Hacker News 1 week, 2 days ago

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks

More from The Hacker News 26 May 2026, 12:02 a.m. Incident · 5 stories CVE-2026-26980 API CVE Critical Disclosure Flaw JavaScript SQL Threat Actor Unauthenticated Vulnerability

Bank Info Security 1 week, 5 days ago

Everyone Suddenly Wants Claude's Audit Logs

27 Enterprises Integrate Claude's Compliance APIMore than two dozen enterprise security vendors, including Microsoft, CrowdStrike and Palo Alto Networks, have built integrations with Anthropic's Claude Compliance API, an interface the company launched months ago to give corporate security teams access to Claude activity data.

More from Bank Info Security 23 May 2026, 4:00 a.m. API Compliance Crowdstrike Microsoft Palo Alto Networks

The Hacker News 1 week, 5 days ago

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data

More from The Hacker News 22 May 2026, 5:36 p.m. Incident · 3 stories API Authentication CVE Cisco Exploit Flaw Patch Unauthenticated Vulnerability

The Register 1 week, 6 days ago

Threat hunters find Google API keys still usable 23 minutes after deletion

Plenty of time for cyber crims to grab data or hit you with a giant bill

More from The Register 22 May 2026, 8:23 a.m. Theme · 2 stories API Google

Dark Reading 1 week, 6 days ago

Google API Keys Remain Active After Deletion

A security researcher discovered the API keys can still be used for up to 23 minutes after deletion, even though the cloud provider claims deletion is immediate.

More from Dark Reading 22 May 2026, 8:07 a.m. Theme · 2 stories API Cloud Google

The Register 1 week, 6 days ago

Cisco serves up yet another perfect 10 bug with Secure Workload admin flaw

Switchzilla says attackers could access sensitive data and make configuration changes across tenant boundaries through vulnerable internal APIs

More from The Register 21 May 2026, 11:27 p.m. Incident · 3 stories API Cisco Flaw Vulnerability

The Hacker News 1 week, 6 days ago

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure

More from The Hacker News 21 May 2026, 3:44 p.m. Incident · 3 stories API CVE Critical Database Disclosure Flaw PostgreSQL Privilege Escalation Remote Code Execution Vulnerability

Bank Info Security 2 weeks ago

AI Botnets Drive Surge in Financial Sector DDoS Attacks

Akamai Links Attack Growth to AI-Enabled Botnets and HacktivistsAkamai says AI-enabled botnets, geopolitical hacktivism and financially motivated cybercriminals drove a massive rise in DDoS, API and web attacks against global financial services firms in 2025, with banks suffering the majority of incidents.

More from Bank Info Security 21 May 2026, 8:22 a.m. API Artificial Intelligence DoS Finance

The Hacker News 2 weeks ago

Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API

Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications

More from The Hacker News 21 May 2026, 12:51 a.m. Incident · 4 stories API Antivirus China Command and Control Government Microsoft Research Symantec Threat Actor

The Hacker News 2 weeks, 2 days ago

Developer Workstations Are Now Part of the Software Supply Chain

Supply chain attackers are not only trying to slip malicious code into trusted software. They are trying to steal the access that makes trusted software possible. Recently, three separate campaigns hit npm, PyPI, and Docker Hub in a 48-hour window, and all three targeted secrets from developer environments and CI/CD pipelines, including API keys, cloud credentials, SSH keys, and tokens. This is

More from The Hacker News 18 May 2026, 11:23 p.m. API Cloud Credentials Docker Malicious Code Node.js SSH Supply Chain Theft Virtualisation

Bleeping Computer 3 weeks, 2 days ago

New GhostLock tool abuses Windows API to block file access

A security researcher has released a proof-of-concept tool named GhostLock that demonstrates how a legitimate Windows file API can be abused in attacks to block access to files stored locally or on SMB network shares. [...]

More from Bleeping Computer 12 May 2026, 10:02 a.m. API Microsoft PoC Tools

The Hacker News 3 weeks, 6 days ago

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems

More from The Hacker News 7 May 2026, 9:20 p.m. API Antivirus Kaspersky Linux Malware Microsoft Python Research

Cyber Scoop 4 weeks ago

A DOD contractor’s API flaw exposed military course data and service member records

Researchers say Schemata’s platform exposed names, emails, base assignments, and course materials before the company patched the issue and contacted government authorities. The post A DOD contractor’s API flaw exposed military course data and service member records appeared first on CyberScoop.

More from Cyber Scoop 7 May 2026, 9:15 a.m. API Critical Infrastructure Exposure Flaw Government Military Patch Research

The Hacker News 4 weeks, 1 day ago

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild

More from The Hacker News 5 May 2026, 7:37 p.m. Incident · 2 stories CVE-2026-22679 API Automation CVE Critical DevOps Flaw Remote Code Execution Unauthenticated Vulnerability

Info Security Magazine 1 month ago

Anthropic Rolls Out Claude Security for AI Vulnerability Scanning

Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required

More from Info Security Magazine 2 May 2026, 12:00 a.m. Theme · 2 stories API Artificial Intelligence Vulnerability

Bank Info Security 1 month ago

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of ScanningPatch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted researcher.

More from Bank Info Security 1 May 2026, 3:30 a.m. Incident · 3 stories API Artificial Intelligence Flaw Linux Patch Root Vulnerability

Info Security Magazine 1 month ago

Cursor Extension Flaw Exposes Developer API Keys

Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX

More from Info Security Magazine 30 Apr 2026, 3:00 a.m. API Flaw Research Theft