Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Hackers Skipped the Payment Step: BLA 4 is Pure Logic Evasion #transitionvalidation #businesslogic

Nov 27, 2025 By Wallarm In Wallarm
Missing Transition Validation (BLA 4) is a subtle but devastating threat. It exploits the sequence of steps in your application's workflow. The flaw? Your application fails to check that Step 2 (Payment) occurred before allowing access to Step 3 (Confirmation). The attacker simply draws a line straight to the goal! This attack is: Difficult to Detect: It uses valid requests in an invalid sequence. Tightly Coupled: It's unique to your application's specific logic. You need deep, sequence-aware runtime protection.
View Video
salt security

Find the Invisible: Salt MCP Finder Technology for Proactive MCP Discovery

Nov 25, 2025 By Eric Schwake In Salt Security
The conversation about AI security has shifted. For the past year, the focus has been on the model itself: poisoning data, prompt injection, and protecting intellectual property. These are critical concerns, but they miss the bigger picture of how AI is actually being operationalized in the enterprise. We are entering the era of Agentic AI. AI is no longer just generating text; it is taking action. Autonomous agents read customer tickets, query databases, update financial records, and trigger workflows.
Read Post

The Missing Link in OWASP is Found: Business Logic Abuse#owasp #owasptop10 #businesslogic

Nov 25, 2025 By Wallarm In Wallarm
For years, security lists focused on technology (Cloud , Mobile , Serverless ). We desperately needed a list that focused on the core problem: flawed application logic, regardless of the stack. The OWASP Top 10 Business Logic Abuse (BLA) list fills that critical, architectural gap. Why? Because exploitation often happens between technologies, not within them. We must be able to categorize and talk about these intricate logic threats in a technology-agnostic way.
View Video

Solving Al Agent Sprawl: API Governance Across Multi Gateway Environments

Nov 24, 2025 By Salt Security In Salt Security
As organizations accelerate adoption of AI agents, autonomous workflows powered by LLMs and MCP servers are rapidly proliferating across internal systems, partner networks, cloud environments, and API gateways. The result? A sprawling, often invisible attack surface: shadow APIs, duplicate endpoints, context drift, unmanaged agent access, inconsistent policies, and risk of data exposure or compliance failures.
View Video
datadog

Secure your APIs at the edge with Datadog App and API Protection

Nov 21, 2025 By Flavien Darche In Datadog
Modern applications are constantly exposed to various malicious activities, including credential stuffing, API abuse, and advanced injection attacks. Many of these threats can be stopped at the network edge, before they ever reach your application. That’s why Datadog App and API Protection offers real-time threat detection and blocking for popular edge proxies and load balancers, which include integrations for Envoy, Istio, NGINX, and Google Cloud Load Balancers (using Google Service Extensions).
Read Post

Stateless vs. Stateful: The Difference in Cyber Attacks #StatefulAttack #businesslogic #apisecurity

Nov 20, 2025 By Wallarm In Wallarm
The Hacker is Having a Conversation with Your API. There are two kinds of attacks you MUST understand: Stateless (Brute Force): One-and-done, instant gratification. Think SQL Injection. Stateful (Sophisticated): A persistent conversation over time. This is the signature of Business Logic Abuse. Why does this matter? Stateful attacks are executed by sophisticated threat actors who have done their due diligence on your architecture. You must evolve your defenses to monitor the entire session, not just single requests!
View Video
squarex

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Nov 19, 2025 By SquareX
SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over users' devices. The research reveals that Comet has implemented a MCP API (chrome.perplexity.mcp.addStdioServer) that allows its embedded extensions to execute arbitrary local commands on users' devices, capabilities that traditional browsers explicitly prohibit. Concerningly, there is limited official documentation on the MCP API.
Read Post
wallarm

APIs Are the Retail Engine: How to Secure Them This Black Friday

Nov 19, 2025 By Wallarm In Wallarm
Can you ever imagine the impact on your business if it went offline on Black Friday or Cyber Monday due to a cyberattack? Black Friday is the biggest day in the retail calendar. It’s also the riskiest. As you gear up for huge surges in online traffic, ask yourself: have you protected the APIs on which the business runs?
Read Post
wallarm

When your AI Assistant Becomes the Attacker's Command-and-Control

Nov 19, 2025 By Wallarm In Wallarm
Earlier this month, Microsoft uncovered SesameOp, a new backdoor malware that abuses the OpenAI Assistants API as a covert command-and-control (C2) channel. The discovery has drawn significant attention within the cybersecurity community. Security teams can no longer focus solely on endpoint malware. Attackers are weaponizing public and legitimate AI assistant APIs and defenders must adjust.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.