Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Easiest Way to Get Hacked: Open Introspection. #graphql #businesslogic #apisecurity #rbi

Dec 18, 2025 By Wallarm In Wallarm
The RBI incident (Burger King, Tim Hortons) proves that BLA often results from a cascade of simple flaws, not one complex attack. The key mistake: GraphQL Introspection was enabled. This gave the attacker the full API blueprint - the map needed to find the open registration validation flaw and execute a massive data leak. Action Item: If you have GraphQL, check your production settings now. Disable Introspection. Don't hand the attacker the map to your castle!
View Video
salt security

The 12 Months of Innovation: How Salt Security Helped Rewrite API & AI Security in 2025

Dec 17, 2025 By Eric Schwake In Salt Security
As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific – the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep up. At Salt Security, we spent 2025 focused on one thing: defending the API action layer where AI, applications, and data intersect.
Read Post
link11

Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026

Dec 16, 2025 By Link11
Link11 releases new insights outlining five key cybersecurity developments expected to influence how organizations across Europe prepare for and respond to threats in 2026. The findings are based on analysis of current threat activity, industry research, and insights from the Link11 European Cyber Report, alongside broader market indicators such as PwC's Global Digital Trust Insights 2026.
Read Post
salt security

Securing the AI Frontier: How API Posture Governance Enables NIST AI RMF Compliance

Dec 16, 2025 By Eric Schwake In Salt Security
As organizations accelerate the adoption of Artificial Intelligence, from deploying Large Language Models (LLMs) to integrating autonomous agents and Model Context Protocol (MCP) servers, risk management has transitioned from a theoretical exercise to a critical business imperative. The NIST AI Risk Management Framework (AI RMF 1.0) has emerged as the standard for managing these risks, offering a structured approach to designing, developing, and deploying trustworthy AI systems.
Read Post

If You Can't Block It, You Don't Secure It. #mitigation #cyberdefense #apisecurity #blocking

Dec 16, 2025 By Wallarm In Wallarm
Detection is information; Blocking is mitigation. For Business Logic Abuse, simple detection alerts are not enough. Your tools must be able to actively block those manipulative, stateful attacks in real-time. Furthermore: Stop "one-and-done" security testing! You must continuously tune your testing by adopting an adversary's perspective. Tune your defense as constantly as attackers tune their exploits.
View Video

AppTrana AppSec Platform | AI-powered All-in-One Web and API Security Platform

Dec 16, 2025 By Indusface In Indusface
About Indusface: Indusface is a leading application security SaaS company, securing over 6,500 customers across 95 countries with its award-winning platform. Backed by leading institutional investors, Indusface is a category leader in cloud WAAP, with repeated recognition from top analysts and industry platforms including Gartner, Forrester, GigaOm, and G2. The industry's only AI-powered, all-in-one AppSec platform helps businesses discover, detect, remediate, and protect web applications and APIs at internet scale, backed by a 100% uptime guarantee.
View Video

CISO Guide: 3 Steps to Stop Business Logic Abuse in Design #ciso #businesslogic #apisecurity

Dec 11, 2025 By Wallarm In Wallarm
Fixing Business Logic Abuse starts at the whiteboard, long before code is written. Here is the three-step defense: Map Critical Workflows: Visualize data flows and state transitions for all high-value features. Implement Adversary Emulation: Integrate the hacker's mindset into your process to find flaws early. Test Constantly: Refine and re-test the logic at every phase of the CI/CD pipeline.
View Video
safeaeon

What Is API Token Hijacking? Steps to Detect and Stop the Attack

Dec 11, 2025 By SafeAeon Inc. In SafeAeon
An API token is like a small digital key that tells a system that a user or an app is allowed to act in the system. When this key gets stolen, attackers act as real users and misuse the account. It’s called API token hijacking, and this issue has grown in the last few years. Most companies are not able to detect this problem in time. It’s important for IT/security teams to understand token theft to respond quickly and build stronger protection for future attacks.
Read Post
wallarm

2026 API and AI Security Predictions: What Experts Expect in the Year Ahead

Dec 11, 2025 By Wallarm In Wallarm
This is a predictions blog. We know, we know; everyone does them, and they can get a bit same-y. Chances are, you’re already bored with reading them. So, we’ve decided to do things a little bit differently this year. Instead of bombarding you with just our own predictions, we’ve decided to cast the net far and wide. We’ve spoken to cybersecurity experts from around the world to answer what’s, for us, the most pressing question of all.
Read Post
salt security

React2Shell: The Frontend Vulnerability That Unlocks Your Internal APIs

Dec 10, 2025 By Eric Schwake In Salt Security
The cybersecurity world is currently buzzing about React2Shell (CVE-2025-55182), a critical remote code execution (RCE) vulnerability affecting React and Next.js. The scale of the threat is massive: researchers have already identified over 77,000 vulnerable IP addresses exposed to the internet, and confirmed that state-sponsored actors and opportunistic crypto miners have already breached at least 30 organizations. But if you look closely, this isn't really a story about React.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.