ZDNet

GraphQL API authorization flaw found in major B2B financial platform

Cybersecurity firm Salt Labs discovered a GraphQL API authorization vulnerability in a large B2B financial technology platform. It would give attackers the ability to submit unauthorized transactions ...
SiliconANGLE

Over 1,500 apps found leaking API keys and potentially exposing user data

Security researchers have uncovered more than 1,500 apps leaking the Algolia application programming interface key and application ID, potentially exposing user data. Discovered by researchers at ...
Bleeping Computer

Nearly 12,000 API keys and passwords found in AI training dataset

Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. The Common Crawl non-profit ...
MyBroadband

Twitter accounts vulnerable to hijacking after 3,200 apps found leaking API keys

CloudSEK researchers have found 3,207 mobile applications leaking valid Twitter application programming interface (API) keys and tokens, allowing attackers to hijack compromised accounts. The affected ...
Bleeping Computer

Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired. In late November 2023, ...