Serverless Phishing Kit on GitHub Targets Mexican Banks
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
API security focuses on protecting application interfaces from unauthorized access, data exposure, abuse, and flaws in authentication or design.
Search across headline titles and summaries.
Background for this topic.
Application Programming Interfaces (APIs) are sets of rules that allow software applications to communicate and exchange data, often enabling functionality across different systems or services. APIs define how requests and responses are structured, making it possible for programs to interact without direct user involvement. In cybersecurity, APIs are commonly exposed over networks as endpoints that handle sensitive operations like data retrieval, user authentication, or transaction processing.
APIs increase the attack surface by exposing endpoints that attackers can target with unauthorized access attempts, injection attacks, or denial-of-service. Common risks include weak or missing authentication, insufficient input validation, and improper rate limiting. Effective API security requires strong authentication protocols (e.g., OAuth), strict input validation to prevent injection, rate limiting to mitigate abuse, and comprehensive logging to detect anomalies. Protecting APIs is critical to prevent data leaks, privilege escalation, and service disruption in interconnected environments.
Weekly headline count for the current query.
GitBait phishing kit abuses GitHub Pages and the SheetBest API to steal Mexican banking credentials
Aikido Security has discovered at least 15 IDE plugins on the JetBrains Marketplace
Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Akamai says 87% of organizations suffered an API-related security incident last year
Wiz Security claims Moltbook misconfiguration allowed full read and write access
The breach may have exposed OpenAI API customers’ data
Instead of relying on more traditional methods, the backdoor exploits OpenAI’s Assistants API for command-and-control communications
Rising hardware, API, and network flaws expose organizations to new risks in an AI-driven landscape
One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets
Thales claims there were over 40,000 API incidents in the first half of 2025
CyCognito research finds that a third of education sector APIs, web apps and cloud assets are exposed to attack
A novel skimming attack has been observed by Jscramber, using the Stripe API to steal payment information by injecting malicious scripts into pages
A new phishing campaign has been identified using Havoc to control infected systems, leveraging SharePoint and Microsoft Graph API
99% of organizations report API-related security issues, highlighting risks from API growth
AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm
An API supply-chain attack affecting a popular online travel booking service put millions of airline users at risk
Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute
Over 80% of UK organizations suffered an API security incident in the past year, with each costing over £400,000