%term

The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Dec 4, 2025 By Wallarm In Wallarm

When data flows between two critical SaaS tools (like Salesforce and a CRM chatbot), you have zero visibility into that traffic. This leaves a gaping hole for attackers to exploit Business Logic Abuse. Since you can't see the traffic, you cannot monitor the attack. The Solution? Rigorous Vendor Management. Control Your Own Keys! The responsibility to protect your sensitive data is always yours, even in the cloud.

View Video

Wallarm

API
Security

Read more about The Most Dangerous Blind Spot in SaaS Architecture #saas #saassecurity #cloudsecurity #apisecurity

Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

Dec 4, 2025 By Wallarm In Wallarm

On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability in React Server Components (RSC), tracked as CVE-2025-55182. A working PoC was released publicly, and Wallarm immediately began observing widespread exploitation attempts across customer environments.

Read Post

Wallarm

Read more about Wallarm Halts Remote Code Execution Exploits: Defense for Vulnerable React Server Component Workflows

Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Dec 3, 2025 By Eric Schwake In Salt Security

The definition of the "edge" is changing. For years, security teams have focused on the traditional perimeter: web applications, public APIs, and user interfaces. We built firewalls, deployed WAFs, and established strict access controls to keep bad actors out. But with the rapid adoption of Agentic AI, the perimeter has expanded. Today, your "edge" isn't just where users connect to your apps; it's where AI agents connect to your data.

Read Post

Salt Security

Read more about Securing the New AI Edge: Why Salt Security Is Bringing MCP Protection to AWS WAF

Attackers Don't Need to Breach Your API -They'll Breach the Tools That Touch It

Dec 3, 2025 By Wallarm In Wallarm

The API supply chain is the new security blind spot. Attackers no longer need to breach your APIs directly; they can target the third-party services that connect to them. These unmanaged dependencies are now the shortest path to your sensitive data. The recent Mixpanel incident is a stark reminder of that fact.

Read Post

Wallarm

Read more about Attackers Don't Need to Breach Your API -They'll Breach the Tools That Touch It

Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI

Dec 3, 2025 By A10 Networks In A10 Networks

Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI Agentic AI is fundamentally changing the security landscape, transforming how we think about API protection. In this insightful discussion, A10 Networks security experts Jamison Utter and Carlo Alpuerto dive deep into the challenges presented by this new wave of automation and API consumers.

View Video

A10 Networks

Read more about Fixing Shadow APIs: Why True Remediation is Critical in the Age of AI

Your SaaS Integrations are Leaking Sensitive Data - Salesloft /Salesforce incident #aws #apisecurity

Dec 2, 2025 By Wallarm In Wallarm

The Salesloft/Salesforce incident revealed the danger of BLA 5: Artifact Lifetime Exploitation. The flaw is simple: the application fails to expire tokens and sessions properly. Stolen OAuth tokens that should have been short-lived were used to steal AWS keys, Snowflake tokens, and passwords. Key Takeaway: If an artifact is meant to be short-lived (a token, a session, a temporary file), it must be retired immediately upon expiration. Rotate your keys aggressively!

View Video

Wallarm

Read more about Your SaaS Integrations are Leaking Sensitive Data - Salesloft /Salesforce incident #aws #apisecurity

Say Hello to Ask Pepper AI: Turning API Security into a Conversation

Dec 1, 2025 By Eric Schwake In Salt Security

In the world of cybersecurity, we have a "data" problem. We have more of it than ever before, more logs, more alerts, and definitely more APIs. But recently, this challenge has compounded. The rise of Agentic AI and Model Context Protocols (MCPs) has exploded the number of machine-to-machine connections in our environments. These agents spin up new pathways and access data in ways that are often invisible to traditional monitoring.

Read Post

Salt Security

Read more about Say Hello to Ask Pepper AI: Turning API Security into a Conversation

Why Java Is a Powerhouse for Web APIs: Benefits for Scalable, Secure, and Smart Backend Development?

Nov 29, 2025 By SecuritySenses In SecuritySenses

Discover the top benefits of using Java for web APIs, including high performance, scalability, and robust security. Ideal for enterprise-level backend development and cloud deployments.

Read Post

SecuritySenses

Read more about Why Java Is a Powerhouse for Web APIs: Benefits for Scalable, Secure, and Smart Backend Development?

Optus Breach Lessons: Top 10 API Security Takeaways

Nov 28, 2025 By AppSentinels In AppSentinels

In September 2022, Australia woke up to the largest data breach in its history. Optus, the country’s second-largest telecom disclosed that the personal information of nearly 10 million people had been exposed. To put that in perspective, that’s almost 40% of the entire population. Among the data spilled were 2.1 million government-issued IDs – passports, driver’s licenses, Medicare cards – the kind of information that isn’t just sensitive, but life-defining.

Read Post

AppSentinels

Read more about Optus Breach Lessons: Top 10 API Security Takeaways

Bug Bounty Programs (2025) | Definition, Platforms & Costs

Nov 28, 2025 By AppSentinels In AppSentinels

“Tech giants pay hackers millions to hack them – on purpose.” What once sounded like a risky experiment has now become standard practice in cybersecurity. Bug bounty programs have moved from the fringes into the mainstream because traditional defenses alone can’t keep up with today’s scale and sophistication of attacks.

Read Post