Security news aggregator

Latest coverage for API

API security focuses on protecting application interfaces from unauthorized access, data exposure, abuse, and flaws in authentication or design.

55 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Application Programming Interfaces (APIs) are sets of rules that allow software applications to communicate and exchange data, often enabling functionality across different systems or services. APIs define how requests and responses are structured, making it possible for programs to interact without direct user involvement. In cybersecurity, APIs are commonly exposed over networks as endpoints that handle sensitive operations like data retrieval, user authentication, or transaction processing.

APIs increase the attack surface by exposing endpoints that attackers can target with unauthorized access attempts, injection attacks, or denial-of-service. Common risks include weak or missing authentication, insufficient input validation, and improper rate limiting. Effective API security requires strong authentication protocols (e.g., OAuth), strict input validation to prevent injection, rate limiting to mitigate abuse, and comprehensive logging to detect anomalies. Protecting APIs is critical to prevent data leaks, privilege escalation, and service disruption in interconnected environments.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 55 Filtered view

When You Consume AI, You Inherit Every Upstream Risk You Can't SeeMost enterprises don't build AI, they consume it through APIs, open-source models and orchestration frameworks. Each layer inherits upstream risk with little visibility. This piece maps the four-layer AI supply chain and the existing security disciplines that bring it under control.

Bank Info Security 1 month, 3 weeks ago

Everyone Suddenly Wants Claude's Audit Logs

27 Enterprises Integrate Claude's Compliance APIMore than two dozen enterprise security vendors, including Microsoft, CrowdStrike and Palo Alto Networks, have built integrations with Anthropic's Claude Compliance API, an interface the company launched months ago to give corporate security teams access to Claude activity data.

Bank Info Security 2 months, 2 weeks ago

Linux 'Copy Fail' Flaw Delivers Root-Level Access to Distros

AI-Assisted Offensive Security Researcher Discovered Flaw After 1 Hour of ScanningPatch all Linux kernels issued from 2017 onwards to fix a serious vulnerability in the kernel’s cryptography API that can be easily exploited by a local, unprivileged user to gain root-level access. The major flaw is the latest to be found by an AI-assisted researcher.

Axiomatics CTO David Brossard on Why Policy-Based Access Control Fits Modern AppsStatic, role-based access control no longer matches the complexity of modern applications, APIs and data flows. Attribute- and policy-based, runtime authorization gives security teams more precision, visibility and consistency across systems, says David Brossard, CTO at Axiomatics.

Bank Info Security 14 Mar 2026, 9:30 a.m. API
Bank Info Security 4 months, 3 weeks ago

Malicious Repo Files Could Hijack Claude Code Sessions

Flaws Let Attackers Run Commands and Steal API Keys Before Trust PromptCheck Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository configuration files, before users see a trust prompt. The AI giant has patched all three vulnerabilities.

Bank Info Security 5 months, 1 week ago

Moltbook Gave Everyone Control of Every AI Agent

Database Misconfiguration Exposed 1.5 million API TokensA misconfigured database at Moltbook, the viral social network for AI agents, exposed 1.5 million API authentication tokens, 35,000 email addresses and private messages. Security researchers discovered unauthenticated read and write access to all platform data within days of launch.

Bank Info Security 5 months, 4 weeks ago

Anthropic's Cowork Shipped With Known Vulnerability

AI Agent Can Access File Upload API to Exfiltrate DocumentsSecurity researchers have demonstrated how Anthropic's new Claude Cowork productivity agent can be tricked into stealing user files and uploading them to an attacker's account, exploiting a vulnerability the company allegedly knew about.

Growing Third-Party Breach Trend Is Spreading to AI SuppliersIT organizations have built processes for reducing vendor risk, but in the AI era, that operating model is being dismantled. Modern AI environments are built on dynamic external foundational models, countless APIs, open-source components and continuous data pipelines that pose risks.

Bank Info Security 7 months, 2 weeks ago

OpenAI Suspends Mixpanel Use After Analytics Data Breach

ChatGPT Maker Probes Third-Party Data Breach; OpenAI API Users' Information ExposedOpenAI has temporarily ceased use of Mixpanel after the analytics firm disclosed a breach affecting profile data of the artificial intelligence giant's API platform users. The company is notifying impacted organizations and watching for signs of data misuse.

Bank Info Security 7 months, 3 weeks ago

WhatsApp API Could Bulk Leak User Telephone Numbers

Researchers Were Able to Query 3.5 Billion AccountsSecurity researchers were able to scoop up the telephone numbers of billions of WhatsApp users through an enumeration tool provided by app owner Meta. The sheer quantity of leaked numbers - 3.5 billion in total - would amount to "the largest data leak in history."

Bank Info Security 9 months ago

Static Credentials Expose MCP Servers to Risk

Study Finds Weak Authentication Practices Across AI Agent ServersTools developers use to connect artificial intelligence tools with external applications and data sources typically are secured by static credentials such as API keys and personal access tokens, exposing AI agent systems to theft or misuse, research shows.

Calypso’s Red-Teaming and Agentic Threat Tools Boost F5’s Application Security EdgeF5’s latest acquisition brings Dublin, Ireland-based CalypsoAI’s unique AI security stack into its platform to secure application traffic against LLM misuse, data leakage and shadow AI, enhancing protection for hybrid and multi-cloud environments and helping secure apps and APIs.

Bank Info Security 11 months, 2 weeks ago

Wallarm Secures $55M to Safeguard API-Driven Business Logic

Series C Funding Supports Evolution to Protecting API-Powered Business RevenueWith AI now outpacing cloud in enterprise adoption, Wallarm is evolving its API security platform to safeguard not just endpoints, but the business logic that drives digital revenue. With $55 million in new funding, the company is targeting CIOs and expanding globally to meet demand across sectors.

Banks Must Secure APIs, Vet Partners and Prepare for Open Finance Threats in 2025Open finance is revolutionizing banking, but it's also expanding the attack surface. Discover the critical API, data privacy and third-party risks facing financial institutions in 2025 - and how to build a secure future.

High-Severity Flaw in LangChain's AI Tooling Hub Now PatchedA flaw in the LangSmith platform, an open-source framework that helps developers build LLM-powered applications, can enable hackers to siphon sensitive data, said Noma Security. Dubbed AgentSmith, the flaw can allow attackers to embed malicious proxy configurations into public AI agents.

Loading more headlines...