Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

astra

API Security vs Application Security: What's the Difference & Best Practices 2026

Dec 5, 2025 By Suyash Jain In Astra
Over the past few years, APIs have quietly become the front door to your most critical data and workflows, flipping security ownership on its head. Accountability and ownership of both API and Application security have shifted from your central infra and network teams to product, platform, and engineering squads that ship new APIs every week, and well, sometimes every day. This is where CISOs and CTOs feel the tug strengthening from both sides.
Read Post
salt security

Critical vLLM Flaw Exposes the Soft Underbelly of AI Infrastructure

Dec 5, 2025 By Eric Schwake In Salt Security
While the world worries about "jailbreaking" LLMs or preventing them from hallucinating, a critical new vulnerability has just reminded us of a fundamental truth: AI is just software, and software has bugs. A newly discovered critical flaw (CVE-2025-62164) in vLLM, one of the most popular libraries for serving large language models, allows attackers to achieve Remote Code Execution (RCE) or crash servers simply by sending a malicious API request. This isn't a failure of the AI model.
Read Post

The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Dec 4, 2025 By Wallarm In Wallarm
When data flows between two critical SaaS tools (like Salesforce and a CRM chatbot), you have zero visibility into that traffic. This leaves a gaping hole for attackers to exploit Business Logic Abuse. Since you can't see the traffic, you cannot monitor the attack. The Solution? Rigorous Vendor Management. Control Your Own Keys! The responsibility to protect your sensitive data is always yours, even in the cloud.
View Video
wallarm

Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

Dec 4, 2025 By Wallarm In Wallarm
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments.
Read Post

APIs are the Language of AI. Protecting them is Critical.

Dec 4, 2025 By A10 Networks In A10 Networks
APIs are the Language of AI. Protecting them is Critical. In this discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto explore the emerging impact of Agentic AI on the API security landscape. They delve into how AI agents, as new API consumers, are driving an explosion in endpoints and exacerbating existing security issues, pushing API protection higher up the security practitioners' priority list.
View Video
salt security

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Dec 3, 2025 By Eric Schwake In Salt Security
The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.
Read Post
wallarm

Attackers Don't Need to Breach Your API -They'll Breach the Tools That Touch It

Dec 3, 2025 By Wallarm In Wallarm
The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact.
Read Post

Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI

Dec 3, 2025 By A10 Networks In A10 Networks
Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI Agentic AI is fundamentally changing the security landscape, transforming how we think about API protection. In this insightful discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto dive deep into the challenges presented by this new wave of automation and API consumers.
View Video

Your SaaS Integrations are Leaking Sensitive Data - Salesloft /Salesforce incident #aws #apisecurity

Dec 2, 2025 By Wallarm In Wallarm
The Salesloft/Salesforce incident revealed the danger of BLA 5: Artifact Lifetime Exploitation. The flaw is simple: the application fails to expire tokens and sessions properly. Stolen OAuth tokens that should have been short-lived were used to steal AWS keys, Snowflake tokens, and passwords. Key Takeaway: If an artifact is meant to be short-lived (a token, a session, a temporary file), it must be retired immediately upon expiration. Rotate your keys aggressively!
View Video

Copyright © 2026 OpsMatters™. All rights reserved.