
ToolShell: Remote Code Execution in Microsoft SharePoint (CVE-2025-53770)

On July 19, 2025, a critical remote code execution (RCE) vulnerability (CVE-2025-53770, also referred to as ToolShell) was publicly disclosed, impacting on-premises Microsoft SharePoint Server installations. This vulnerability allows unauthenticated attackers to execute arbitrary code remotely by leveraging insecure deserialization techniques.

Mastering API Security Testing: Stop BOLA and the OWASP Top 10 Before Deployment

APIs drive modern applications, but their increasing complexity leaves them vulnerable to attacks. How can you ensure robust API security? Join Wallarm’s webinar to discover how to tackle today’s toughest API security challenges with advanced API security testing strategies. In this webinar we will cover: Learn how Wallarm’s innovative solutions can help you identify vulnerabilities, implement reliable security measures, and streamline your API testing process. Gain actionable insights into tools, best practices, and strategies to protect your APIs effectively.

Fail-Open Architecture for Secure Inline Protection on Azure

Every inline deployment introduces a tradeoff: enhanced inspection versus increased risk of downtime. Inline protection is important, especially for APIs, which are now the most targeted attack surface, but so is consistent uptime and performance. This is where a fail-open architecture comes in.

CISO Spotlight: Andrew Storms on Trust, AI, and Why CISOs Need to Be Optimists

Andrew Storms, VP of Security at Replicated, has spent three decades on the frontlines of cybersecurity. From building Unix systems in the early ’90s to leading incident response and AI security strategies today, he has seen the CISO role evolve from back-office function to boardroom mainstay. In this spotlight, he shares the lessons that shaped his thinking, why storytelling is a critical CISO skill, and how API security is no longer optional.

Debunking API Security Myths

I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most common API security myths. From zombie endpoints to the limits of WAFs and gateways, we covered what’s really happening on the ground and what security teams need to do differently. Here’s a quick rundown of the key takeaways, but for the full picture, watch the full webinar.