Tag: Weekly
-
API Security Weekly: Issue 158
This week, we have news on a breach affecting 400 000 users of a popular German school app, and another vulnerability in a popular …
-
Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
In what’s yet another instance of a supply chain attack targeting open-source software repositories, two popular NPM packages with cumulative …
-
API Security Weekly: Issue #146
This week, we have the recent API fix involving group membership at Facebook, a case study of a BOLA vulnerability leaking users’ credit …
-
API Security Weekly: Issue #145
This week, we take a look at the recently discovered (and fixed) API vulnerabilities in electric car charging stations, a Udemy course on …
-
API Security Weekly: Issue #144
This week, JustDial has had to re-fix an old API vulnerability that they already fixed in 2019. We also have a set of scripts for automated …
-
API Security Weekly: Issue #143
This week, we have a detailed write-up on finding credit card numbers leaking from a GraphQL API, a lab walkthrough on hacking JSON web …
-
API Security Weekly: Issue #142
This week, we take a look at the recently reported API vulnerabilities at Coursera and in one of the Huawei home gateways. We also learn …
-
API Security Weekly: Issue #141
This week, we take a look at insecure API traffic in the VeryFitPro Android app, how APIs were used to scrape user profile data from Gettr, …
-
API Security Weekly: Issue #140
This week, we take a look at the recent API vulnerabilities reported at LazyPay, API attacks on Western Digital My Book Live NAS systems, …
-
API Security Weekly: Issue #139
This week, we take a look at the recent API vulnerabilities at Apple, Amazon, and the volunteer coordination app of the Philippine …
-
API Security Weekly: Issue #137
This week, we take a look at the recent API vulnerabilities in VMware vCenter and Apache Pulsar, how GraphQL implementations may be …
-
API Security Weekly: Issue #136
This week, we check out how API attacks can be used to squash political dissent, a handy OAuth 2.0 security checklist as well as some …