-
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to potential attackers. Security researchers discovered a simple path traversal flaw that en…
-
The monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using honeypots, the team monitors traffic targeting edge devices and internet-facing applicati…
-
On September 18, 2025, Orange Cert publicly disclosed a critical authentication bypass vulnerability affecting Nokia’s CBIS (CloudBand Infrastructure Software) and NCS (Nokia Container Service) Manager API (CVE-2023-49564). With a CVSS 3.1 score of 9.6…
-
Cloudflare experienced a significant outage on September 12, 2025, affecting its Tenant Service API, multiple APIs, and the Cloudflare Dashboard. The company has confirmed that the incident was primarily triggered by a React programming bug that caused…
-
The cybersecurity landscape has witnessed a dramatic escalation in API-targeted attacks during the first half of 2025, with security researchers documenting over 40,000 API incidents across more than 4,000 monitored environments. This surge represents …
-
The Akamai Hunt Team has uncovered a new strain of malware that targets exposed Docker APIs with expanded infection capabilities. First observed in August 2025 within Akamai’s honeypot infrastructure, this variant diverges from the June 2025 Trend Micr…
-
A novel serverless command-and-control (C2) technique that abuses Google Calendar APIs to obscure malicious traffic inside trusted cloud services. Dubbed MeetC2, this lightweight, cross-platform proof-of-concept demonstrates how adversaries can seamles…
-
Securing APIs is a critical cybersecurity challenge in 2025 as they are the backbone of modern applications and a prime target for attackers. API penetration testing is no longer an optional check; it’s a necessity for finding business logic flaw…


