The Hacker News

OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps

CVE-2025-59363 "allowed attackers with valid API credentials to enumerate and retrieve client secrets for all OIDC ...
DevPro Journal

Five critical API security flaws developers must avoid

Learn how you can implement essential best practices - from strict authorization to rate limiting - to secure APIs and ...
Insurance Business America

API vulnerabilities drive new wave of cyber threats

APIs have become a primary entry point for cyber attacks in 2025, according to new research from Thales. The company’s latest API Threat Report, covering the first half of the year, documents more ...

APIs become primary target for cybercriminals - Over 40,000 API incidents in first half of 2025: report

Aerospace and defence corporation Thales has announced the findings of its latest API Threat Report (H1 2025), warning that ...
TMCnet

Resilience Across the Digital Ecosystem: Akamai Launches Managed Service for API Performance

Akamai expands its API security capabilities with this new managed service to provide not just protection — but proactive performance optimization. Organizations can now offload the burden of ...
SecurityWeek

ShadowV2 DDoS Service Lets Customers Self-Manage Attacks

New DDoS botnet ShadowV2 targets misconfigured Docker containers and offers a service model where customers launch their own attack.

CISA flags some more serious Ivanti software flaws, so patch now

In a new security advisory, CISA said it was tipped off on cybercriminals using CVE-2025-4427, and CVE-2025-4428 - both ...

CISA exposes malware kits deployed in Ivanti EPMM attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks ...