%term

Stateless vs. Stateful: The Difference in Cyber Attacks #StatefulAttack #businesslogic #apisecurity

Nov 20, 2025 By Wallarm In Wallarm

The Hacker is Having a Conversation with Your API. There are two kinds of attacks you MUST understand: Stateless (Brute Force): One-and-done, instant gratification. Think SQL Injection. Stateful (Sophisticated): A persistent conversation over time. This is the signature of Business Logic Abuse. Why does this matter? Stateful attacks are executed by sophisticated threat actors who have done their due diligence on your architecture. You must evolve your defenses to monitor the entire session, not just single requests!

View Video

Wallarm

Read more about Stateless vs. Stateful: The Difference in Cyber Attacks #StatefulAttack #businesslogic #apisecurity

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Nov 19, 2025 By SquareX

SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API.

Read Post

Read more about Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

APIs Are the Retail Engine: How to Secure Them This Black Friday

Nov 19, 2025 By Wallarm In Wallarm

Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on which the business runs?

Read Post

Wallarm

Read more about APIs Are the Retail Engine: How to Secure Them This Black Friday

When your AI Assistant Becomes the Attacker's Command-and-Control

Nov 19, 2025 By Wallarm In Wallarm

Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.

Read Post

Wallarm

Read more about When your AI Assistant Becomes the Attacker's Command-and-Control

Hacked Architecture, Not Code: What is a Business Logic Attack? #businesslogic #cybersecurity

Nov 18, 2025 By Wallarm In Wallarm

Why do hackers ignore your firewalls and clean code? Because they exploit your business logic and application architecture. A Business Logic Attack (BLA) is a sophisticated manipulation that uses your own system's design against you. Learn the key difference between code flaws and architectural exploits.

View Video

Wallarm

Read more about Hacked Architecture, Not Code: What is a Business Logic Attack? #businesslogic #cybersecurity

From Cloud to Code: Salt Cloud Connect Now Scans GitHub

Nov 18, 2025 By Eric Schwake In Salt Security

One of our most-loved features is Salt Cloud Connect. In a world of complex deployments, it’s a breath of fresh air: an agentless discovery model that delivers under 10-minute deployment and rapidly gathering API-specific info in cloud platforms. Customers plug it in, and in minutes, not weeks, they get a “traffic-free”, complete inventory of their APIs across AWS, Azure, GCP, Kong, and Mulesoft. This “ease of use” provides a “wow” moment of immediate visibility.

Read Post

Salt Security

Read more about From Cloud to Code: Salt Cloud Connect Now Scans GitHub

API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

Nov 14, 2025 By Tiexin Guo In GitGuardian

In this blog, we will navigate through a few enterprise-proven methods to make API key more secure. Read on!

Read Post

GitGuardian

Read more about API Key Security: 7 Enterprise-Proven Methods to Prevent Costly Data Breaches

API Gateway vs. API Security #apisecurity #cybersecurity #architecture #devsecops

Nov 13, 2025 By Wallarm In Wallarm

Your API Gateway Is Not an API Security Solution Confusing API management with API security is a costly and dangerous mistake. An API Gateway is a traffic controller, but it has critical blind spots: It authenticates users but doesn't analyze their behavior for malicious intent. It routes traffic but doesn't inspect payloads for complex attacks. It manages access but can't detect business logic abuse.

View Video

Wallarm

API
Security

Read more about API Gateway vs. API Security #apisecurity #cybersecurity #architecture #devsecops

OWASP Top 10 Business Logic Abuse: What You Need to Know

Nov 12, 2025 By Wallarm In Wallarm

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams up to the reality that APIs are the front door to their data, infrastructure, and revenue streams. OWASP recently published its first-ever Business Logic Abuse Top 10 List; a clear indication that the industry is taking API security and all its nuances seriously.

Read Post

Wallarm

Read more about OWASP Top 10 Business Logic Abuse: What You Need to Know

From Model Drift to API Exploitation: The Next Challenge in AI Security

Nov 12, 2025 By A10 Networks In A10 Networks

From Model Drift to API Exploitation: The Next Challenge in AI Security In this clip from "Securing AI Part 4: The Rising Threat of Hidden Attacks in Multimodal AI," Diptanshu Purwar and Madhav Aggarwal summarize why external guardrails are the only sustainable defense against the new wave of AI exploitation. Jamison Utter then sets the stage for the next topic in the series: securing the fundamental protocols and APIs that AI agents rely on.

View Video