@apisecurityio profile picture
APIsecurity.io @apisecurityio

API security news, standards, vulnerabilities, tools.

Joined September 2018
  • Tweets 1,777
  • Following 108
  • Followers 4,471
129 Photos and videos
Pinned Tweet
APIsecurity.io@apisecurityio
Feb 4
In issue #288 we look at how long-standing API security failures are being amplified by automation, AI, and increasingly aggressive exploitation timelines.  apisecurity.io/issue-288-42c…
1
341
Attackers With Decompilers Strike Again labs.watchtowr.com/attackers…

Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)

Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a...

labs.watchtowr.com
2
6
250
Thinking of connecting AI to your APIs? Best make sure your APIs are secure first. This article from Kristopher Sandoval outlines some of the risks nordicapis.com/6-big-risks-o…

6 Big Risks of Letting AI Make API Requests | Nordic APIs |

Explore six major risks of letting AI agents make API requests, from runaway costs to security gaps, and how to mitigate them safely.

nordicapis.com
1
140
A good guide on the benefits of an API-first strategy from Adrian Moto, worth a read: nordicapis.com/a-software-ar…

A Software Architect's Guide to API-First Strategy | Nordic APIs |

Learn how an API-first strategy improves design, governance, security, and AI readiness for scalable, modern software architectures.

nordicapis.com
1
108
BOLA, the top API vulnerability identified by OWASP, and yet, companies continue to get hacked because of it. This is probably one of the best ones I have read about BOLA Have a read and let me know what you think? hackernoon.com/the-authoriza…

The Authorization Gap No One Wants to Talk About: Why Your API Is Probably Leaking Right Now |...

Broken Object Level Authorization (BOLA) is eating the API economy from the inside out.

hackernoon.com
1
119
Best wishes for 2026 to you all! Now if you missed it here is an advisory from IBM: Authentication bypass in IBM API Connect - ibm.com/support/pages/node/7…
1
121
On behalf of everyone here in 42Crunch who curate the APIsecurity.io newsletter, website and social posts, we would like to thank you for your continued readership and wish you the very best for the festive season and health and happiness for you and yours in 2026!
1
3
177
700Credit data breach caused by compromised third-party API. cbtnews.com/700credits-ken-h… #apisecurity #apibreach

700Credit’s Ken Hill On Recent Data Breach News

700Credit’s Ken Hill explains the recent data breach, affected dealers, exposed customer data, and key cybersecurity steps to take now.

cbtnews.com
2
134
Why MCP Shouldn’t Wrap an API One-to-One nordicapis.com/why-mcp-shoul… #MCP #AIagent #API

Why MCP Shouldn't Wrap an API One-to-One | Nordic APIs |

Learn why one-to-one MCP API wrappers fail and how to design Model Context Protocol tools around intent for effective AI agent interaction.

nordicapis.com
2
308
Final issue in 2025. We list the 5 most frequent API vulnerabilities covered in the newsletter this year, highlighting common mistakes teams make in API development and where security efforts can deliver the biggest opportunity to reduce risk. apisecurity.io/issue-286-the…
185
Issue 285 is out now. API vulnerabilities affecting Avelo Airlines, WhatsApp, and Oracle; an incident notification from OpenAI; a survey on the role of API security in agentic AI systems; and an article examining the risks from AI-generated software. apisecurity.io/issue-285-api…
1
439
WhatsApp API flaw let researchers scrape 3.5 billion accounts bleepingcomputer.com/news/se…

WhatsApp API flaw let researchers scrape 3.5 billion accounts

Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting.

bleepingcomputer.com
1
1
184
Why APIs and API security-first are critical In The Age Of Ai smbtech.au/thought-leadershi…
163
Threat Intelligence: Analysis of the NOFX AI Automated Trading Vulnerability slowmist.medium.com/threat-i…

Threat Intelligence: Analysis of the NOFX AI Automated Trading Vulnerability

Although the NOFX project has undergone attempted fixes, the core issue remains unresolved.

slowmist.medium.com
1
191
The OWASP Business Logic Abuse Top 10 complements and enhances existing OWASP Top 10 projects by providing a cross-domain focus on business logic vulnerabilities that transcend technology stacks owasp.org/www-project-top-10…

OWASP Top 10 for Business Logic Abuse | OWASP Foundation

A very brief, one-line description of your project

owasp.org
1
2
232
APIs: the hidden foundation of AI governance business-reporter.co.uk/ai--… #apis #AI

APIs: the hidden foundation of AI governance

API are the operational backbone of AI, and so the AI agent action layer must be the focal point for governance

business-reporter.co.uk
1
1
2
190
In issue 284, vulnerabilities in trusted AI platforms, a blog post claiming an API BOLA vulnerability at Mercury Energy New Zealand, a recent interview exploring a range of API security topics and news of a new OWASP Top 10 list. apisecurity.io/issue-284-owa… #apisecurity #AIsecurity
331
65% of Leading AI Companies Found With Verified Secrets Leaks including API Keys infosecurity-magazine.com/ne…

65% of Leading AI Companies Found With Verified Secrets Leaks

A new study has revealed 65% of top AI firms have leaked sensitive data on GitHub, risking $400bn in assets

infosecurity-magazine.com
149
"..APIs are not just developer conveniences, they are business-critical assets that demand the same rigor as financial systems or customer databases..." betanews.com/2025/11/03/when… #APIsecurity
1
1
165
LLMs and AI pose a potential risk that API developers can’t afford to ignore. nordicapis.com/how-llms-are-… #APIsecurity #AI #LLM

How LLMs Are Breaking the API Contract (And Why That Matters) | Nordic APIs |

LLMs often break API contracts, posing risks for security and governance. Here's how to prepare APIs for safe agentic consumption.

nordicapis.com
100
Load more