Latest API news

Trello API abused to link email addresses to 15 million accounts

An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
- Lawrence Abrams
- January 23, 2024
- 04:31 PM
- 0
Halara probes breach after hacker leaks data for 950,000 people

Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.
- Lawrence Abrams
- January 11, 2024
- 03:28 PM
- 0
Google: Malware abusing API is standard token theft, not an API issue

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
- Lawrence Abrams
- January 06, 2024
- 11:40 AM
- 1
Sponsored Content
How Continuous Pen Testing Protects Web Apps from Emerging Threats

The nature and ubiquity of modern web apps make them rife for targeting by hackers. Learn more from Outpost24 about the value of continuous monitoring to secure modern web apps.
- Sponsored by Outpost24
- November 29, 2023
- 10:02 AM
- 0
ChatGPT down after major outage impacting OpenAI systems

OpenAI's AI-powered ChatGPT large language model-based chatbot is down because of a major ongoing outage that also took down the company's Application Programming Interface (API).
- Sergiu Gatlan
- November 08, 2023
- 09:43 AM
- 4
Cloudflare Dashboard and APIs down after data center power outage

An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations.
- Sergiu Gatlan
- November 02, 2023
- 12:13 PM
- 0
Microsoft to start retiring Exchange Web Services in October 2026

Microsoft said today that the Exchange Web Services (EWS) API for Exchange Online and Office 365 will be retired in approximately three years.
- Sergiu Gatlan
- September 19, 2023
- 12:28 PM
- 0
ALPHV ransomware adds data leak API in new extortion strategy

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their attacks.
- Ionut Ilascu
- July 26, 2023
- 02:34 AM
- 0
Ivanti patches MobileIron zero-day bug exploited in attacks

US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
- Sergiu Gatlan
- July 24, 2023
- 04:05 PM
- 0
JumpCloud resets admin API keys amid ‘ongoing incident’

JumpCloud, a US-based enterprise software firm is notifying several customers of an "ongoing incident." As a caution, the company has invalidated existing admin API keys to protect its customer organizations. Headquartered in Colorado, the cloud-based directory-as-a-service platform serves over 180,000 organizations across the world.
- Ax Sharma
- July 06, 2023
- 06:23 AM
- 0
Honda API flaws exposed customer data, dealer panels, internal docs

Honda's e-commerce platform for power equipment, marine, lawn & garden, was vulnerable to unauthorized access by anyone due to API flaws that allow password reset for any account.
- Bill Toulas
- June 07, 2023
- 04:10 PM
- 1
Twitter API outage blocks sign-ins, breaks most platform features

Twitter users are experiencing issues worldwide when trying to log in or log out and when attempting to share their tweets, click links, embed tweets, and see images.
- Sergiu Gatlan
- March 06, 2023
- 12:23 PM
- 2
New Mimic ransomware abuses ‘Everything’ Windows search tool

A new ransomware family named 'Mimic' has been spotted in the wild abusing the APIs of a legitimate Windows file search tool called 'Everything' to achieve file enumeration.
- Bill Toulas
- January 26, 2023
- 03:22 PM
- 1
200 million Twitter users' email addresses allegedly leaked online

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak.
- Lawrence Abrams
- January 04, 2023
- 03:16 PM
- 0
Toyota, Mercedes, BMW API flaws exposed owners’ personal info

Security analysts disclosed severe API security flaws impacting numerous car makers, enabling them to access vehicle owner information, take over accounts, access internal systems, modify records, and track their position.
- Bill Toulas
- January 04, 2023
- 11:05 AM
- 0
Hacker claims to be selling Twitter data of 400 million users

A threat actor claims to be selling public and private data of 400 million Twitter users scraped in 2021 using a now-fixed API vulnerability. They're asking $200,000 for an exclusive sale.
- Lawrence Abrams
- December 26, 2022
- 03:44 PM
- 4
LEGO BrickLink bugs let hackers hijack accounts, breach servers

Security analysts have discovered two API security vulnerabilities in BrickLink.com, LEGO Group's official second-hand and vintage marketplace for LEGO bricks.
- Bill Toulas
- December 15, 2022
- 08:00 AM
- 0
Amazon ECR Public Gallery flaw could have wiped or poisoned any image

A severe security flaw in the Amazon ECR (Elastic Container Registry) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.
- Bill Toulas
- December 13, 2022
- 09:00 AM
- 0
5.4 million Twitter users' stolen data leaked online — more shared privately

Over 5.4 million Twitter user records containing non-public information stolen using an API vulnerability fixed in January have been shared for free on a hacker forum. Another massive, potentially more significant, data dump of millions of Twitter records has also been disclosed by a security researcher.
- Lawrence Abrams
- November 27, 2022
- 01:31 PM
- 7
Apps with over 3 million installs leak 'Admin' search API keys

Researchers discovered 1,550 mobile apps leaking Algolia API keys, risking the exposure of sensitive internal services and stored user information.
- Bill Toulas
- November 21, 2022
- 10:04 AM
- 1