-
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. “In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware,” researchers Alex Cox, Mike Kosak, and
-
Cybersecurity researchers have discovered what they say is the earliest example known to date of malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by the SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference. In a report examining the malicious use of LLMs, the cybersecurity company
-
Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT’s Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by OpenAI in early August. “The attack
-
A threat actor has been observed advertising a new Remote Access Trojan (RAT) on underground forums, marketing it as a fully undetectable (FUD) alternative to the legitimate remote access tool, ScreenConnect.
The malware is being sold with a suite of advanced features designed to bypass modern security defenses, signaling a growing trend in sophisticated, ready-to-use cybercrime tools.
The seller claims the tool achieves zero detections during both static and runtime analysis, making it a potent threat for initial access and payload delivery operations.
This development underscores the ongoing efforts by malicious actors to exploit trust and evade detection by mimicking legitimate software and processes.
Bypassing Security With Advanced Evasion
The primary selling point of this new RAT is its ability to bypass security warnings from both Google Chrome and Windows SmartScreen.

[Figure: FUD Malware Claim]
The threat actor claims this is achieved by bundling the malware with a valid Extended Validation (EV) certificate.
EV certificates are a high-assurance digital identity standard that typically causes browsers to display a green bar or the company’s name, instilling a false sense of security in the victim.
The package also includes antibot mechanisms and cloaked landing pages. These features allow the malware to present benign content to security scanners and sandboxes while delivering the malicious payload to genuine targets, a common tactic for evading automated analysis.
The provided advertisement showcases a convincing but fraudulent Adobe Acrobat Reader download page, demonstrating a typical social engineering scheme for delivery.
According to the seller’s post, the RAT is equipped with a remote viewer, granting the attacker direct visual control over a compromised machine’s desktop.
This capability allows for real-time monitoring, data exfiltration, and interactive system manipulation. Furthermore, the tool utilizes a PowerShell-based command to load its executable. This fileless technique helps it remain hidden from traditional antivirus solutions that primarily focus on scanning files on disk.
The actor explicitly states the tool can be used as a “FUD loader,” indicating its primary function may be to establish a persistent and stealthy foothold on a target system before deploying secondary payloads, such as ransomware, spyware, or banking trojans.
The seller offers a demo and promises delivery within 24 working hours, suggesting a professional and operationalized service.
The post Threat Actors Selling New Undetectable RAT as ’ScreenConnect FUD Alternative’ appeared first on Cyber Security News.
-
MAUI SPACE SURVEILLANCE COMPLEX, Hawaii—China is “intentionally trying to do things” in space “so we don’t see it,” from changing the brightness of their satellites to maneuvering in what it believes are the United States’ blind spots, and the U.S. Space Force has to “keep pace, and we’ve got to keep advancing our capabilities so that that’s harder and harder for them to do,” the chief of space operations said this week.
“If you’re going to do something irresponsible, we’re going to see it. We’re going to tell the world, and then we’re going to react and respond,” Gen. Chance Saltzman said in an interview.
But the general noted that talking about it—even while standing on the windy roof of the Pentagon’s largest telescope, which itself sits atop a 10,023-foot volcano—is much easier than doing it.
In the “theory of success” Saltzman laid out in early 2024, he names three components for maintaining space superiority: Avoid operational surprise, deny first-mover advantage, and confront malign activity. Space domain awareness—tracking what goes on in space—is essential to the first of those three, and officials say this island complex is uniquely suited for the task.
“From a space perspective, this particular piece of land is pretty important because some of the work you can do here, you just can’t do elsewhere,” Saltzman said. “We don’t take it for granted that we have access to this kind of land.”
The service’s domain-awareness efforts are led by Mission Delta 2 under Col. Barry Croker, who noted that today’s visitors had driven into, and then out of, fluffy cumulus clouds on their way to the summit.
The top of Haleakala is “almost always above the weather,” with crisp, clear air, Croker said. “Think about where we are located, and what we can see in our field of view. So all the things that are in geostationary orbit, hovering about the Earth now, that are over the Pacific. This is a great place to look, because we can see almost all the way to the United States [West] Coast, but we can also see west towards, over mainland China, that area.”
Because of the elevation, weather, and other conditions, the peak of this long-dormant volcano is “the third-best place to put a telescope in the world,” and the best for looking at the sky during the day, said Lt. Col. Douglas Thornton, commander of 15th Space Surveillance Squadron.
This Advanced Electro Optical System telescope was built in the 1990s. Despite its massive size, it can rotate quickly enough to track satellites or ballistic missiles, though it only sees a small portion of the sky—about the width of two-and-a-half pinky fingers held at arm’s length.
It takes a satellite in low-Earth orbit about five to nine minutes to pass overhead, Thornton said, so the telescope tracks that, “and then we have the laser guide star that shoots up, we’re correcting that image, and so that way we can see what the satellites are, and we can make out, you know, solar panels and other things on there.”
While this particular telescope has a great capability to track a LEO satellite overhead, Saltzman said it only captures about 10 percent of its total orbit. So if a satellite maneuvers as soon as it leaves the field of view, or does “something weird,” it may not be where one might expect when it comes back around. “What we have is adversaries that are trying to be deceptive, trying not to let us track their” assets.
Added Croker: “We built a really great system for telling us where things were. It’s difficult to know where things are going to be.”
The orbital-awareness mission started before space was a “warfighting domain,” he said, so “it was keeping track of things that were in space to make sure we weren’t running into each other. Today we’re tracking over 40,000 pieces of things in space, and so from just a ‘things moving around’ [perspective], that’s really important. How do you launch a new satellite into orbit and make sure you’re not going to hit something?”
Saltzman said the stakes couldn’t be higher.
“The other services built their force structures around the presumption that they will have access to space,” he said. “They take it for granted, and they’ve been able to do that, but that’s just not the case anymore. So now we’ve got to understand what’s going on up there, build those resilient architectures, and be able to respond in kind if [adversaries] create problems for us.”
To protect the assets and capabilities the Pentagon and commercial industry have in space, Croker said, the Space Force must track not just what is where, but who is where—and what their intent is.
“We see a lot of proliferation of capabilities on orbit,” he said. “And we go, is that really a research technology? Or could they have another purpose for that? The ability to grab onto something and move it to a different orbit, is that junk removal or, you know, maybe the way they're exercising that and the places they're doing it, maybe there's other capabilities that they're trying to develop.”
The AEOS telescope is one of several telescopes here; among the others are three Ground-Based Electro-Optical Deep Space Surveillance Systems telescopes, which are smaller and older but are undergoing Ground-Based Electro-Optical Sensor System upgrades now—which entails modernizing the sensors, optics, algorithms, and post-processing of the data so they can “see smaller, dimmer things further” into space, Thornton said. A similar upgrade at White Sands Missile Range in New Mexico was completed in August, while the Maui upgrade is not expected to be finished until April or later.
Because the 15th SPSS has an Air Force Research Laboratory team that operates experimental systems, that team was “able to procure the sensor that’s going on the back of it before we got it on our telescopes, and they were able to test it out, see how it works and everything, before we actually put it in operations,” he said.
“Our mantra has been that ‘operations drive research, and research evolves operations,’ and we really try to stick to that with everything we do here.”
The site is not without controversy. Native Hawaiians consider Haleakala a sacred space, and Space Force proposals for additional telescopes on the summit have been met with protest. A fuel leak at the site in 2023 also angered locals, and the Space Force is amid a multi-year process to clean up the fuel without removing any dirt from the site.
In a speech at the AMOS conference the day after the telescope tour, Saltzman said the Space Force is “honored to be associated” with Haleakala, adding that the service is “fully committed to respecting the mountain’s cultural and spiritual significance and moving forward only in complete partnership with the community.”
-
New York, New York, September 19th, 2025, CyberNewsWire
BreachLock, the global leader in offensive security, has been recognized as a Sample Vendor for Penetration Testing as a Service (PTaaS) in the 2025 Gartner Hype Cycle for Application Security.
The company was also recognized as a sample vendor for Adversarial Exposure Validation (AEV) in the Gartner report, “From Defense to Offense: How to Champion Proactive Cybersecurity.”
This recognition from Gartner, following BreachLock’s designation as a Sample Vendor in multiple other 2025 Hype Cycle reports earlier this year, underscores BreachLock’s commitment to delivering more scalable, flexible, and efficient penetration testing and offensive security solutions for modern security teams.
Commenting on the recognition, BreachLock Founder & CEO, Seemant Sehgal, expressed, “It’s an honor to be recognized by Gartner so consistently over the years as BreachLock continues to innovate and raise the bar not only in penetration testing, but now in adversarial exposure validation.”
He added, “Our growing impact and leadership in the market is a direct reflection of our team’s genuine passion for listening and adapting to our clients’ needs, whether it’s more flexibility, scalability, better vulnerability prioritization, support, or innovative new solutions.”
BreachLock’s flexible PTaaS delivery model empowers enterprises to test their full-stack attack surface as broadly and frequently as needed, whether that’s periodically or continuously, by combining the power of human expertise, AI efficiency, and automated scalability into a single solution.
With BreachLock PTaaS, security teams can identify their vulnerabilities in real-time, visualize attack paths, and easily prioritize remediation based on actual risk so they can be remediated faster and more effectively.

BreachLock Adversarial Exposure Validation, its Gen AI-powered autonomous red teaming engine, enables enterprises to launch their own unlimited, multi-step attack scenarios in just a few clicks on demand or continuously.
AEV thinks and moves like a real attacker, leveraging live threat intelligence, pivoting, and moving laterally to reveal where defenses succeed or fail.
With BreachLock AEV, security teams can scale coverage without adding headcount and focus remediation efforts on validated risks that could lead to high-impact breaches.
Gartner highlights in the Hype Cycle for Application Security that “PTaaS overlaps with adversarial exposure validation (AEV), which is an adjacent market, yet they are different in terms of adoption and operation.
AEV focuses on continuous, real-world attack simulations, while PTaaS emphasizes human expertise and integration with development processes for on-demand or continuous testing,” citing this as an obstacle.
While PTaaS and AEV are at different stages and do have some overlap, BreachLock offers both solutions in a single platform, simplifying adoption and implementation for customers.
Looking ahead to the coming years, BreachLock will continue innovating in the offensive security space to help organizations take control of their attack surface, reduce operational complexity, and strengthen defenses as threats evolve.
BreachLock remains committed to delivering forward-thinking solutions that empower security teams to safeguard their organizations with confidence.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation.
Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About BreachLock
BreachLock is a global leader in offensive security, delivering scalable and continuous security testing.
Trusted by global enterprises, BreachLock provides human-led and AI-powered Attack Surface Management, Penetration Testing as a Service (PTaaS), Red Teaming, and Adversarial Exposure Validation (AEV) solutions that help security teams stay ahead of adversaries.
With a mission to make proactive security the new standard, BreachLock is shaping the future of cybersecurity through automation, data-driven intelligence, and expert-driven execution.
Contact
Senior Marketing Executive
Megan Charrois
BreachLock
megan.c@breachlock.com
The post BreachLock Named Sample Vendor for PTaaS and AEV in Two New 2025 Gartner® Reports appeared first on Cyber Security News.
-
Phishing campaigns have long relied on social engineering to dupe unsuspecting users, but recent developments have elevated these attacks to a new level of sophistication.
Attackers now harness advanced content-generation platforms to craft highly personalized emails and webpages, blending genuine corporate branding with contextually relevant messages.
These platforms analyze public social media profiles, corporate press releases, and user activity to generate text that mirrors a victim’s communication style, greatly increasing the likelihood of engagement.
The resulting emails often bypass basic filters by avoiding known malicious keywords and employing dynamic content that changes with each delivery.
At the same time, these platforms integrate real-time language models to refine phishing templates on the fly, adapting to evolving email defenses and user responses.
This continuous learning loop allows campaigns to shift message templates within minutes, making static blocklists effectively obsolete.
Trend Micro researchers identified several clusters of these AI-enhanced phishing waves in August 2025, each targeting different industry verticals—from financial services to healthcare—demonstrating the breadth of the threat landscape.
[Figure: Fake captcha page (Source – Trend Micro)]
As organizations scramble to deploy heuristic and behavior-based filters, attackers counter with polymorphic payloads that mutate both text and embedded URLs in real-time.
Beyond email, attackers leverage these platforms to generate convincing duplicate login portals hosted on cloud infrastructure, complete with valid SSL certificates and region-specific IP addresses.
[Figure: Captcha page does not redirect to the phishing page if the answer is incorrect (Source – Trend Micro)]
The combination of genuine-looking domains, valid certificates, and personalized messaging leads many users to overlook subtle warning signs.
Trend Micro analysts noted that such campaigns often include a brief authentication step mimicking multi-factor prompts, further reducing suspicion by aligning with standard corporate login flows.
[Figure: Phishing page after the captcha is solved (Source – Trend Micro)]
Once credentials are harvested, follow-on malware delivers a lightweight loader that contacts a command-and-control server over HTTPS, blending in with normal web traffic.
In parallel with credential theft, these campaigns deploy various evasion techniques within their code. Embedded scripts employ encryption and obfuscation routines to conceal their true purpose, only decrypting at runtime.
The loader, written in PowerShell, leverages native Windows API calls to disable monitoring services before deploying the final payload.
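A representative snippet illustrates how the script resolves API functions dynamically:

# P/Invoke wrapper for two kernel32 exports, compiled at runtime
$kernel = Add-Type -MemberDefinition @"
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll")]
public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);
"@ -Name "Kernel" -Namespace "Win32" -PassThru
# Look up NtOpenProcess in ntdll.dll by name
$hMod = [Win32.Kernel]::GetModuleHandle("ntdll.dll")
$addr = [Win32.Kernel]::GetProcAddress($hMod, "NtOpenProcess")

Evasion Techniques and Detection Challenges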
A critical aspect of these AI-driven campaigns lies in their ability to evade signature-based and behavioral detection systems.
The dynamically generated HTML payloads include randomized element IDs and inline style definitions that change with each interaction, rendering signature matching ineffective.
On the network side, attacker-controlled domains employ fast flux DNS to rotate authoritative name servers, while the malicious loader establishes encrypted tunnels over standard ports, camouflaging traffic among legitimate SSL connections.
Endpoint sensors that rely on static heuristics are frequently bypassed as the loader disables Windows Event Logging for PowerShell execution, then reinstates logging settings once the secondary payload activates.
This hit-and-run strategy leaves minimal forensic artifacts, complicating post-incident analysis and prolonging dwell time for threat actors.
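A defender-side check for the dynamic API resolution pattern shown in the snippet above, as an added example (not code from Trend Micro or the original article): it reassembles PowerShell script block logging (Event ID 4104) fragments by ScriptBlockId before matching, and normalises the typographic dashes PowerShell accepts as parameter prefixes. The event records and IDs are constructed sample data, and the rule and severity labels are assumptions for illustration.

```python
import re
from collections import defaultdict

# PowerShell treats en dash, em dash and horizontal bar like "-" in front of a
# parameter name, so normalise them before matching parameter names.
DASHES = str.maketrans({"\u2013": "-", "\u2014": "-", "\u2015": "-"})

INDICATORS = {
    "add_type_memberdef": re.compile(
        r"\bAdd-Type\b[^|;]*?-MemberDefinition\b", re.I | re.S),
    "dllimport": re.compile(r"\[\s*DllImport\s*\(", re.I),
    "getprocaddress": re.compile(r"\bGetProcAddress\b", re.I),
    # A quoted native API name such as "NtOpenProcess" passed as a string.
    "native_nt_api": re.compile(r"""["'](?:Nt|Zw)[A-Z][A-Za-z]+["']"""),
}

# Constructed 4104-style records (not real telemetry). Large scripts are logged
# as several fragments that share a ScriptBlockId and may arrive out of order.
SAMPLE_EVENTS = [
    {"ScriptBlockId": "sb-0001", "MessageNumber": 2, "MessageTotal": 2,
     "ScriptBlockText":
        'public static extern IntPtr GetProcAddress(IntPtr hModule, string procName);\n'
        '"@ \u2013Name "Kernel" \u2013Namespace "Win32"\n'
        '$hMod = [Kernel]::GetModuleHandle("ntdll.dll")\n'
        '$addr = [Kernel]::GetProcAddress($hMod, "NtOpenProcess")\n'},
    {"ScriptBlockId": "sb-0001", "MessageNumber": 1, "MessageTotal": 2,
     "ScriptBlockText":
        '$kernel = Add-Type \u2013MemberDefinition @"\n[DllImport("kernel32.dll")]\n'},
    {"ScriptBlockId": "sb-0002", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText":
        'Get-ChildItem -Path C:\\Logs | Where-Object Length -gt 1MB\n'},
    # Benign admin-style P/Invoke: DllImport without runtime name resolution.
    {"ScriptBlockId": "sb-0003", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText":
        'Add-Type -MemberDefinition @"\n[DllImport("user32.dll")]\n'
        'public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);\n'
        '"@ -Name "Win" -Namespace "Admin"\n'},
]


def reassemble(events):
    """Join fragments per ScriptBlockId in MessageNumber order.

    Returns {id: (text, complete)} where complete is False if fragments are missing.
    """
    parts = defaultdict(dict)
    totals = {}
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
        totals[ev["ScriptBlockId"]] = ev["MessageTotal"]
    blocks = {}
    for sbid, frags in parts.items():
        text = "".join(frags[n] for n in sorted(frags))
        blocks[sbid] = (text, len(frags) == totals[sbid])
    return blocks


def indicators_in(text):
    """Return the names of all indicators present in one piece of script text."""
    text = text.translate(DASHES)
    return {name for name, rx in INDICATORS.items() if rx.search(text)}


def detect(events):
    """Flag script blocks that declare a P/Invoke import and use GetProcAddress."""
    findings = []
    for sbid, (text, complete) in reassemble(events).items():
        hits = indicators_in(text)
        if {"dllimport", "getprocaddress"} <= hits:
            findings.append({
                "script_block_id": sbid,
                "indicators": sorted(hits),
                "severity": "high" if "native_nt_api" in hits else "medium",
                "complete": complete,
            })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Matching each fragment on its own misses this sample, because the `DllImport` attribute and the `GetProcAddress` declaration land in different fragments.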
The post Phishing Attacks Using AI-Powered Platforms to Misleads Users and Evades Security Tools appeared first on Cyber Security News.
-
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It’s assessed to be affiliated with Iran’s Islamic
-
Air Force brings great-power conflict concept to the Caribbean. When Kentucky Air National Guard troops recently “seized” an airport on St. Croix in the U.S. Virgin Islands, they were practicing Agile Combat Employment, a maneuvering scheme intended to enable the Air Force to generate combat power despite the anti-access/area denial efforts of China, Russia, and others. But experts said the wargame—part of the larger, long-planned Emerald Warrior exercise organized by Air Force Special Operations Command—might also serve as a message to drug cartels and unfriendly governments in the region. Defense One’s Thomas Novelly reports, here.
Commentary: Mexico’s new president is trying to fight the cartels; a U.S. invasion would do more harm than good. That’s the argument in Foreign Affairs from a group of counter-terror policy practitioners led by CSIS’s Ryan Berg; read on, here.
Special-ops helicopter crash: Four members of the elite 160th Special Operations Aviation Regiment were in a Black Hawk that went down outside Olympia, Washington, on Wednesday evening, Army officials said in a statement. Few other details have been released; local police say they’ve found the crash site. Task & Purpose rounds up what we know, and provides some context, here.
Get a better handle on lasers versus drone swarms via a new industry explainer on the growing trend, published Thursday by the New York Times.
Mentioned: The “Apollo” 100-kilowatt laser from Australia’s Electro Optic Systems, and Israel’s Iron Beam, which was declared operational earlier this week. Also, the U.S. military “is working to develop a one-megawatt weapon next year,” which “potentially could shoot down ballistic missiles and hypersonic weapons.”
Lasers of this sort are “going to be a total revolution in the history of warfare,” said Yuval Steinitz, chairman of the Israeli weapons supplier Rafael Advanced Defense Systems. “This is just the beginning of the beginning,” he said.
Related reading: “The US Military Used Lasers to Shoot Down a Drone in 1973,” Paleofuture reported almost 10 years ago.
Trump wants Bagram again? Five years after he signed a deal to withdraw from Afghanistan, President Trump on Thursday said he wanted to take Bagram Air Base back from the Taliban. Speaking to reporters during a visit to Windsor Castle in the UK, Trump said, “Bagram, the big air base, one of the biggest air bases in the world, we gave it to them for nothing. We're trying to get it back by the way, okay? That could be a little breaking news. We're trying to get it back because they need things from us, we want that base back.” It’s unclear to whom Trump was referring with “they.”
“One of the reasons we want the base is, as you know, it's an hour away from where China makes its nuclear weapons,” Trump said—echoing a line he’s first known to have spoken in April 2022, and again this past February when he told reporters, “it's exactly one hour away from where China makes its nuclear missiles.” It’s not clear what he’s referring to, but Ankit Panda of the Carnegie Endowment for International Peace has pointed out that Afghanistan is somewhat close-ish to China’s nuclear test site at Lop Nur—though the site is much closer to Mongolia and even Russia than Bagram.
“That was gross incompetence to give [Bagram] up” when the U.S. military left in August 2021, Trump told reporters on Air Force One later Thursday. “It's one of the most powerful bases in the world in terms of runway strength and length. The strength and length, you can land anything on there.”
But the Air Force is working to move away from giant bases, which service leaders call untenable in the face of new weapons and tactics. One day before Trump’s remarks, the three-star in charge of Air Force futures wrote, “No longer can the Air Force rely on Bagram-style air bases as sanctuaries, thanks to anti-access and area-denial capabilities developed by China and others. To deter and defeat adversaries, the service must focus on agility, adaptability, and operating with a smaller footprint in austere environments.” Read that in Defense One, here.
Expert reax: The Taliban can’t be trusted, warns Bill Roggio of the Washington-based Foundation for the Defense of Democracies. “President Trump should take care to not repeat the mistakes of both his first administration and the Biden administration in believing that the Taliban is a partner that can be trusted,” Roggio told Defense One. “The Trump administration’s mistake in negotiating with the Taliban and signing the Doha Agreement in Trump’s first term set the stage for the Biden administration’s disastrous withdrawal,” he noted.
Also: “The Taliban fought for 20 years to eject the United States and it will not permit the U.S. to return,” Roggio pointed out.
Then there’s China: “Even if the Taliban considered this, China most certainly would do everything it can to entice the Taliban to keep the U.S. out of Afghanistan and has far more leverage and enticements to make this happen,” Roggio predicted, and ended with a final warning, “The Trump administration should be very careful not to grant the Taliban concessions only to be prevented access to Bagram in the end.”
Additional reading:
- “Military leaders consider recruiting campaign centered around Charlie Kirk” and using offices of his partisan Turning Point organization, NBC News reported Thursday;
- “Congress moves to counter Hegseth on base names that evoke Confederacy,” the Washington Post reported Tuesday;
- “Small US defense stocks soar on rush for next-gen battlefield tech,” Reuters reported Thursday, citing recent gains from drone makers Kratos Defense and AeroVironment, components maker Astronics, and defense tech firm Mercury Systems;
- And ICYMI, the Pentagon wants to sell Peru a dozen F-16s for $3.4 billion. The Defense Security Cooperation Agency announced the pending sale on Monday. Details here.
Welcome to this Friday edition of The D Brief, a newsletter dedicated to developments affecting the future of U.S. national security, brought to you by Ben Watson with Bradley Peniston. It’s more important than ever to stay informed, so thank you for reading. Share your tips and feedback here. And if you’re not already subscribed, you can do that here. On this day in 2019, an errant U.S. military drone strike killed 30 Afghan farmers and wounded more than 40 others.
Around the world
Ukraine has received its first arms through a new NATO aid pool: the Prioritized Ukraine Requirements List, an unnamed alliance official told the National Public Broadcasting Company of Ukraine.
No details were immediately available, but in a press conference, President Volodymyr Zelenskyy said the first PURL shipments would contain interceptors for Patriot air defense systems and HIMARS munitions, the Associated Press reported.
$3.5B expected: Zelenskyy said the pool contains about $2 billion and another $1.5 billion is expected by next month. Read more, here.
Explainer: How PURL works, from The Gaze, a Ukrainian-government site.
Ukraine arms-industry expansion is being funded by European governments that want to deter Russia—and eventually buy Ukrainian arms for their own militaries. AP reports: “Ukraine’s weapons industry now meets nearly 60% of its army’s needs, up from 10% when Russia’s full-scale invasion began 3 1/2 years ago, according to its defense minister. But its military budget—$64 billion in 2024—is less than half the size of Russia’s, which is why it turns to Western allies for weapons and, increasingly, money.” More, here.
Related reading:
- “Russia, Vietnam using energy profits to avoid possible US sanctions for arms deals,” sending money through back channels instead of banks, AP reveals in an exclusive report;
- “U.S. Government to Invest $75 Million in Ukraine’s Minerals,” a deal Kyiv hopes will keep the Trump administration involved in its defense, the New York Times wrote on Wednesday;
- “He Fled Putin’s War. The U.S. Deported Him to a Russian Jail.” Read that at the NYT, here.
Saudi Arabia signed a mutual defense pact with nuclear-armed Pakistan on Thursday, which is “a week after Israel's strikes on Qatar upended the diplomatic calculus in the region,” Reuters reports. “This is a comprehensive defensive agreement that encompasses all military means,” the Saudis said. Wider context: The Wall Street Journal described it as “the first recent significant example of a longstanding U.S. partner in the Middle East seeking to move away from dependence on Washington for national security.”
The pact also “marks a blow for a U.S.-led plan to integrate Israel more closely into a Middle East security partnership to contain Iran,” the Journal reports.
For what it’s worth, “Saudi Arabia has loaned Pakistan $3 billion, a deal extended in December, to shore up its foreign exchange reserves,” Reuters notes. More, here.
A Taiwan arms expo on Thursday “double[d] its previous number of exhibitors, as firms flock for a slice of the island's increased defence spending,” Reuters reported from the capital city. “The Taipei Aerospace and Defence Technology Exhibition features 490 exhibitors at 1,500 booths, up from 275 exhibitors at about 960 booths in 2023, when it was last held,” the wire service explained.
Several weapons deals are expected to be finalized soon, including “with U.S and Canadian companies for weapons such as anti-drone rockets from Canada's AirShare and underwater surveillance drones from U.S. firm Anduril.” More, here.
What weapons should Taiwan consider to help thwart an invasion from Beijing? We discussed the question last year on the Defense One Radio podcast, featuring Dmitri Alperovitch and retired Australian Maj. Gen. Mick Ryan.
Related reading: “What the rapid pace of AI means for China’s threats toward Taiwan,” via Defense One’s Patrick Tucker, reporting Thursday.
And lastly, there’s a new thriller coming out about nuclear weapons, missile defense, and human psychology. It comes from “Zero Dark Thirty” director Kathryn Bigelow, and it’s called “A House of Dynamite,” which will begin streaming on Netflix October 24.
The tagline for the movie is “Not if. When.” The longer description is as follows: “When a single, unattributed missile is launched at the United States, a race begins to determine who is responsible and how to respond.” It stars Rebecca Ferguson from the “Mission: Impossible” films and Idris Elba, who we often associate most with HBO’s Baltimore-based drama series “The Wire.”
The film is generating Oscar buzz, Variety reported Thursday.
Critical reax: “Bigelow’s ability to take a series of hypotheticals and render them into narrative actuality has never been more pinpoint accurate or merciless,” Glenn Kenny of RogerEbert.com writes, “One irony of the scenario is that the personnel depicted here have been thoroughly trained to deal with this eventuality. But once the eventuality is ongoing, these folks can’t help but fall apart.”
-
In today’s rapidly evolving digital landscape, APIs (Application Programming Interfaces) have become the backbone of online business, connecting services, and enabling new customer experiences.
However, as the API footprint grows, so does the attack surface, making robust API security testing a critical pillar of enterprise cyber defense in 2025.
Whether you’re a security analyst, DevSecOps professional, or a technical decision-maker, finding the right API security testing partner is essential for safeguarding sensitive data, maintaining compliance, and defending your brand’s reputation.
This article ranks and reviews the 10 best API security testing companies for 2025.
Each company’s strengths, specifications, features, and unique value propositions are covered, so that you can make an informed buying decision.
Every review includes a yes/no comparison table, key features, reasons to buy, and a dedicated “Why We Picked It” section. Official website links are included where indicated.
Why API Security Testing Companies Matter In 2025
API security breaches have surged globally, with attackers targeting poorly protected endpoints and exploiting API logic flaws.
Robust API security testing helps proactively identify vulnerabilities, enforce compliance, and protect business-critical applications.
In 2025, companies demand automated discovery, machine learning behavioral analysis, CI/CD integration, detailed reporting, and remediation guidance, making specialist API testing partners indispensable.
Comparison Table: Top 10 Best API Security Testing Companies 2025
| Tool Name | Automated API Discovery | Business Logic Testing | Real-Time Alerts | CI/CD Integration |
| --- | --- | --- | --- | --- |
| Salt Security | Yes | Yes | Yes | Yes |
| Imperva | Yes | Yes | Yes | Yes |
| Akto | Yes | Yes | Yes | Yes |
| APIsec | Yes | Yes | Yes | Yes |
| Metlo | Yes | Yes | Yes | Yes |
| StackHawk | Yes | Yes | Yes | Yes |
| F5 | Yes | Yes | Yes | Yes |
| Cequence Security | Yes | Yes | Yes | Yes |
| Traceable AI | Yes | Yes | Yes | Yes |
| Pynt | Yes | Yes | Yes | Yes |

1. Salt Security
Why We Picked It
Salt Security leads the 2025 API security ecosystem with its AI-powered approach to runtime protection, API discovery, and behavioral analytics.
Its platform is trusted by some of the world’s most data-intensive organizations, continuously monitoring for logic flaws and abuse patterns missed by traditional tools.
Salt’s risk-driven approach means it identifies shadow APIs and exposed sensitive data, helping teams maintain compliance and avoid regulatory fines.
In a threat landscape where attackers are increasingly leveraging AI and sophisticated methods, Salt’s intelligent threat detection engine stands out.
Specifications
Salt Security operates as a SaaS and hybrid model, supports REST, GraphQL, SOAP, and gRPC protocols, and includes native integrations for major CI/CD providers.
AI-based traffic analysis and anomaly detection offer 24/7 coverage. It provides posture assessment, real-time alerts, and automated remediation advice.
The solution supports compliance programs (GDPR, HIPAA, PCI), and includes dashboard analytics for audit reporting. Deployment ranges from cloud-native agents to inline appliances.
Features
The platform’s features include continuous API discovery, behavioral logic attack detection, contextual threat scoring, sensitive data tracking, and compliance posture monitoring.
Salt supports integration with SIEM/SOAR systems, provides developer-first remediation, and allows for extensive custom rule creation.
API intelligence dashboards help prioritize risks, and there’s automated mapping of data flows to ensure no endpoint goes unchecked.
Reason to Buy
Organizations seeking to proactively defend their APIs, reduce the risk of data leaks, and streamline compliance will find Salt Security essential.
Its real-time analytics, comprehensive visibility, and advanced threat detection capabilities make it an ideal fit for modern enterprises and critical infrastructure providers.
Pros
- Comprehensive runtime behavioral analytics
- Fast, automated API discovery
- Developer-focused remediation workflows
- Compliance automation
- Scalable to large API estates
Cons
- High cost for small teams
- Requires initial onboarding/tuning
Best For: Enterprises with complex, high-risk API environments or advanced compliance requirements.
🔗 Try Salt Security here → "Salt Security Official Website"

2. Imperva
Why We Picked It
Imperva has established itself as a trusted leader in cloud security, extending its expertise into API protection—meeting the demands of large-scale, highly regulated environments.
Imperva’s automated positive security model offers a proactive posture, adapting in real time to new APIs as they are rolled out by dev teams, and automatically building protection based on uploaded API specs.
A robust suite of DAST capabilities and runtime protection ensures that both public and private APIs are covered.
Integration with Imperva’s core offerings (WAF, bot management) simplifies hybrid security management and gives customers a unified dashboard for threat analysis.
Enterprise-grade authentication and compliance support are key, and organizations benefit from automated vulnerability testing and reporting.
Specifications
Imperva’s API Security platform supports REST, SOAP, and GraphQL APIs. It offers SaaS and on-premises deployment, automatic discovery, customizable DAST coverage, reporting on test results, and runtime attack mitigation.
Integration with CI/CD and SIEM platforms is included, as well as role-based management.
Features
Features include automated API discovery, vulnerability scanning, runtime threat defense, centralized dashboard, positive security policy generation, and deep integration with Imperva’s WAF/bot products.
The platform ensures that even undocumented or legacy APIs receive appropriate coverage.
Reason to Buy
Imperva is a great fit for organizations already invested in Imperva security stacks, or any business seeking a unified platform for both application and API security that scales in large environments.
Pros
- Deep automation and integration with Imperva WAF
- Automated API inventory/discovery
- Built-in runtime protection
- Compliance-ready reporting
- Strong DAST capabilities
Cons
- Less “shift-left” coverage
- Pricing may be high for smaller operations
Best For: Large enterprises looking to extend existing application security infrastructure to APIs effortlessly.
🔗 Try Imperva here → "Imperva Official Website"

3. Akto.io
Why We Picked It
Akto.io claims the spot as the high-performance API scanning vendor of choice for enterprises in 2025, offering the industry’s largest API test repository with over 1000 custom tests.
Covering every critical class of vulnerability, Akto’s library includes unique logic, authentication, and authorization cases missed by competitors.
The platform enables contextual, intelligent DAST without the dependency on Swagger files or Postman, replaying real user traffic and analyzing complex data flows.
Akto’s custom test rules are especially useful for organizations with unique business logic, and its plug-and-play integrations make onboarding straightforward for modern DevOps and security teams.
Rapid test authoring, real-time alerts, and seamless CI/CD automation help teams identify new vulnerabilities as production expands, driving confidence for risk-conscious organizations.
Specifications
Akto.io is SaaS-based, supporting REST, GraphQL, and other modern API types.
Key integrations include leading CI/CD tools, developer ticketing, and notification platforms. Offers centralized dashboards for compliance and risk tracking, and custom rule configuration.
Features
Features comprise the largest library of out-of-the-box and custom security tests, intelligent traffic replay, contextual findings, agile test authoring, and flexible reporting options.
Business logic flaws, authentication issues, and sensitive data exposures are prioritized.
Reason to Buy
Organizations seeking broad vulnerability coverage and rapid detection, including logic flaws and advanced authentication vectors, gain strong value from Akto’s deep test library and easy deployment.
Pros
- Widest test coverage
- Intelligent, traffic-based scanning
- Custom test authoring
- Real-time results and alerts
- Seamless CI/CD linkage
Cons
- Deepest value for larger API estates
- Requires time to tailor custom tests
Best For: Enterprises with demanding security requirements and complex, ever-evolving API environments.
🔗 Try Akto.io here → "Akto.io Official Website"

4. APIsec
Why We Picked It
APIsec is a cutting-edge solution for organizations seeking continuous, automated API penetration testing that runs in parallel to deployment pipelines.
Known for its AI-powered attack simulations, the platform delivers rapid vulnerability findings throughout the SDLC.
APIsec excels in logic flaw detection and comprehensive endpoint scanning, going far beyond legacy DAST to simulate thousands of real-world attack vectors.
The platform empowers development and security teams to find and fix issues early, leveraging detailed remediation guidance and real exploit verification to reduce false positives.
APIsec integrates seamlessly with major CI/CD tools, offering automated ticketing for detected vulnerabilities.
Specifications
Delivered via SaaS, APIsec analyzes REST, GraphQL, SOAP APIs, supporting dynamic attack simulation, role-based policies, comprehensive coverage of the OWASP API Top 10, and in-depth reporting.
Integrates with development/ticketing workflows and operates with “no code” endpoint onboarding.
Features
Highlights include automated scan scheduling, attack simulation playbooks, penetration testing support, role-based reporting, real-time data flows, and analytics dashboards.
Ticketing integrations automate remediation workflows, and coverage extends to authentication/authorization, logic, and compliance gaps.
Reason to Buy
APIsec is the platform of choice for businesses aiming for deep, repeatable API pentesting without the bottleneck of traditional services, and for dev teams prioritizing continuous assessment.
Pros
- Rapid, automated attack simulation
- Full lifecycle coverage
- Deep business logic and endpoint scanning
- Granular analytics and reporting
- Direct ticketing/remediation integration
Cons
- Pricing tiering for very large environments
- Some advanced scenarios may require tuning
Best For: Fast-moving development teams, SaaS platforms, and tech enterprises wanting repeatable, automated API pentests.
🔗 Try APIsec here → "APIsec Official Website"

5. Metlo
Why We Picked It
Metlo is an open source API security platform, focusing on rapid inventory, real-time detection, and automated blocking of malicious actors.
It is popular for its quick setup (under 15 minutes), making enterprise API security highly accessible.
Metlo is trusted by small and mid-size organizations for its simplicity, proactive monitoring, and seamless integration into cloud and development environments.
The tool employs ML-driven attack profiling and supports proactive API vulnerability testing directly within the platform.
Specifications
Metlo supports self-hosted and cloud deployments, automatically discovers endpoints, and integrates with Python, Java, Go, and Node stacks.
The platform includes granular PII data analyses, risk scoring, and comprehensive reporting dashboards.
Features
Core features are endpoint inventory, ML-powered attack detection, real-time malicious actor blocking, vulnerability reporting, custom risk scoring, and seamless CI/CD pipeline integration.
Metlo includes an HTTP request editor for building advanced security tests, automated alerts, and supports proactive compliance mapping.
Reason to Buy
Metlo’s open source ethos, fast setup, and autonomous attack detection make it a strong choice for growing organizations seeking control and customization.
Its community-driven development ensures continual innovation and adaptability to evolving threats.
Pros
- Open source and highly customizable
- Rapid setup and ease of use
- Real-time threat detection
- Detailed inventory and risk scores
- Proactive compliance workflows
Cons
- Limited enterprise support
- Requires manual configuration for advanced integrations
Best For: SMEs, open source enthusiasts, budget-conscious teams, rapid inventory
🔗 Try Metlo here → "Metlo Official Website"

6. StackHawk
Why We Picked It
StackHawk empowers organizations to “shift left” by integrating dev-native API security testing directly into source code repositories and CI/CD pipelines.
Its unique approach reveals shadow, zombie, and undocumented APIs from source, orchestrating automated scans for sensitive data and compliance risks.
StackHawk bridges the gap between security and development by providing actionable, context-rich remediation advice, eliminating the backlog of unresolved security tickets in busy teams.
Every pull request is an opportunity to test, triage, and fix issues, turning security into an enabler of rapid development, not a blocker.
In 2025, StackHawk’s combination of source-level API mapping and modern, automated testing makes it a must-have for healthtech, fintech, and SaaS companies with growing API portfolios.
Specifications
StackHawk is offered as a SaaS platform, analyzing REST, GraphQL, SOAP, and gRPC APIs.
It syncs with GitHub and other SCM tools, integrates with major CI/CD systems, and provides risk-prioritized analytics, customizable workflows, and fast scan cycles.
Features
Feature set includes source repository analysis, automated security testing on every build, API type coverage, vulnerability evidence mapping, developer guidance, and flexible integration with ticketing and orchestration tools.
Reason to Buy
StackHawk is a go-to for security and development teams wanting to reduce risk across the entire API estate and fix vulnerabilities where they start: in the codebase.
Pros
- Dev-first CI/CD integration
- Complete API landscape discovery
- Automated, prioritized findings
- Integrated developer workflows
- Rich evidence and fix support
Cons
- Requires repo connectivity for deepest coverage
- Some learning curve for teams new to “shift-left” security
Best For: Agile, fast-moving product teams prioritizing security automation in their dev process.
🔗 Try StackHawk here → "StackHawk Official Website"

7. F5
Why We Picked It
F5 combines robust API security with deep threat detection powered by multi-layered analysis and ML. Its solutions are suited for organizations requiring both legacy and modern cloud-protective architectures.
F5’s strength lies in dynamic API discovery, policy enforcement, and continuous operational oversight, backed by global threat intelligence.
The company is widely adopted in high-risk, high-volume sectors for its scalability, reliability, and effective risk mitigation capabilities.
Specifications
F5 offers flexible cloud/on-prem/hybrid support, API discovery from code to production, behavioral analytics, and automated runtime protection.
Its architecture includes in-line enforcement, role-based controls, policy adaptation, and seamless SIEM and workflow integrations.
Features
The platform includes modern attack surface visibility, automated API endpoint mapping, runtime protection, policy enforcement, analytics dashboards, performance monitoring, and real-time alerting.
F5 enables multi-layered defense, supporting advanced business logic and injection flaw detection.
Reason to Buy
F5 provides proven operational efficiency, visibility, and security across distributed API environments.
Its managed services, dynamic threat detection, and policy automation offer significant value for large enterprises seeking control and continuous improvement.
Pros
- Deep analytics and ML threat detection
- API lifecycle protection
- Multi-cloud integration
- Continuous policy adaptation
- Reliable operational support
Cons
- Enterprise-grade solution may not fit all budgets
- Management complexity in large deployments
Best For: Large enterprises, distributed API environments, continuous oversight, operational efficiency
🔗 Try F5 here → "F5 Official Website"

8. Cequence Security
Why We Picked It
Cequence Security unites automated discovery, business logic vulnerability testing, and unified API protection under one intelligent platform.
Its API Security Testing solution accelerates integration of security into development cycles, reducing manual planning through AI-powered test plan generation and offering rich reporting for both security and dev teams.
Cequence’s “Intelligent Mode” delivers customized, context-aware test plans, while the platform seamlessly integrates with CI/CD pipelines and popular collaboration tools for alerting and automated remediation.
The role-based access control ensures large teams retain visibility without sacrificing effective management and data segregation.
Business logic abuse, privilege escalation, and unknown endpoint exposure are just some risks covered by Cequence’s deep testing.
Specifications
SaaS offering, with robust integrations into DevOps toolchains. Supports dynamic test generation per API/application, dashboard-based analytics, role-based management, and production/non-production reporting.
Works with Cequence AI Gateway and includes automated remediation tracking.
Features
Autonomous test plan creation, business logic and compliance validation, vulnerability reporting, workflow integrations, and coverage analytics are core features.
Teams benefit from actionable insights, scheduled/adhoc reporting, and advanced endpoint coverage.
Reason to Buy
Cequence is recommended for large organizations needing tailored security test plans, team-based management, and continuous compliance, especially in regulated sectors.
Pros
- AI-powered autonomous test planning
- Integration with major CI/CD tools
- Actionable, customized findings
- Deep business logic coverage
- Visual test management
Cons
- Most effective for larger organizations
- Configuration can take initial time
Best For: Large, regulated organizations seeking scalable, tailored API security testing in modern CI/CD workflows.
🔗 Try Cequence Security here → "Cequence Security Official Website"

9. Traceable
Why We Picked It
Traceable continues to impress with its full-lifecycle API security, combining dynamic payload-based testing, runtime analytics, and traffic-driven behavioral analysis.
Its strength lies in root-cause vulnerability tracing and rapid incident response, empowering both security and DevOps teams.
Traceable’s application maps and user session analytics reduce mean time to detect and remediate logical issues.
In 2025, Traceable bridges the gap between pre-production testing and runtime monitoring through effective contextual fuzzing and replay-based security assessments.
It offers deep coverage for the OWASP API Top 10, custom test suite creation, and granular vulnerability scoring.
This makes it a top choice for organizations looking to build API security into every stage of their development process, not just at runtime.
Specifications
Traceable is delivered as a SaaS solution with agent-based and agentless options. It supports automated API discovery, contextual fuzzing, and replay analysis for both public and private APIs.
The solution easily integrates into major CI/CD pipelines and provides reporting with vulnerability scoring (CVSS/CWE). Role-based access control and customizable alerting options are standard.
Features
Key features include dynamic API tracing, custom test suite scheduling, real-time threat analytics, sensitive data exposure prevention, integration with collaboration tools, and detailed remediation recommendations.
Flexible deployment models allow teams to optimize for scale, traffic, and API diversity.
Reason to Buy
Traceable is ideal for organizations looking for fast, actionable insights into API vulnerabilities and runtime threats.
It combines rapid scanning with deep analytics, making it suitable for dev-centric teams that need to secure APIs throughout the lifecycle.
Pros
- Dynamic fuzzing and replay-based testing
- Application/user session analytics
- Automated risk scoring
- Strong DevSecOps integrations
- Rich reporting and analytics
Cons
- Manual elements in test suite creation
- Some learning curve for advanced analytics
Best For: DevSecOps teams who want CI/CD-centric, scalable API security with real-time risk context.
🔗 Try Traceable here → "Traceable AI Official Website"

10. Pynt
Why We Picked It
Pynt is an innovative API security testing platform optimized for automated vulnerability detection and rapid remediation.
Its user-friendly interface enables agile security testing, making it suitable for cloud-native and hybrid businesses.
Pynt is praised for its dynamic risk analytics, instant reporting, and deep integration capabilities.
Organizations benefit from proactive threat identification, automation, and easy compliance tracking, helping secure critical applications efficiently.
Specifications
Pynt offers automated API scanning, rapid deployment, cloud and hybrid compatibility, instant risk analytics, and seamless integration with notification and ticketing tools.
The platform supports granular security controls and real-time compliance reporting.
Features
Core features include instant vulnerability detection, automated report generation, integration with workflow and incident tools, dynamic analytics dashboards, and continuous API protection.
Reason to Buy
Choose Pynt for agile API risk management, efficient threat mitigation, and clear, actionable reporting. Its platform is ideal for growing organizations and those needing fast, in-depth API security insights.
Pros
- Instant vulnerability analytics
- Automated testing and reporting
- Rapid onboarding
- Dynamic dashboards
- Agile deployment
Cons
- Feature set optimized for SMBs and agile teams
- Advanced integrations may require premium tier
Best For: SMBs, agile organizations, instant vulnerability analytics
🔗 Try Pynt here → "Pynt Official Website"

Conclusion
API security is no longer a “nice to have”; it’s a fundamental requirement for any business leveraging digital channels or modern software architectures.
The top 10 API security testing companies of 2025 cover a spectrum of needs: from AI-powered behavioral analytics to developer-centric “shift-left” testing, from advanced compliance dashboards to streamlined, rapid onboarding.
Choosing the right partner from this list will empower your organization to stay ahead of emerging threats, reduce the risk of breaches, and enable confident digital innovation.
Each vendor on this list offers free trials, demos, and extensive documentation. Test drive the solutions above and elevate your API security posture in 2025.
The post Top 10 Best API Security Testing Tools in 2025 appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶


