OpenAI API User Data Exposed in Mixpanel Breach, ChatGPT Unaffected
OpenAI confirmed a third-party data breach via Mixpanel, exposing limited API user metadata like names, emails and browser…
API
SesameOp Backdoor Abused OpenAI Assistants API for Remote Access
Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.
Claude AI APIs Can Be Abused for Data Exfiltration
An attacker can inject indirect prompts to trick the model into harvesting user data and sending it to the attacker’s account.
The post Claude AI APIs Can Be Abused for Data Exfiltration appeared first on SecurityWeek.
Critical MCP Server Flaw Exposes Over 3,000 Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular Model Context Protocol (MCP) server hosting service, exposed over 3,000 AI servers and thousands of API keys to potential attackers. Security researchers discovered a simple path traversal flaw that en…
Cloudflare Confirms API Outage Caused by React useEffect Overload Issue
Cloudflare experienced a significant outage on September 12, 2025, affecting its Tenant Service API, multiple APIs, and the Cloudflare Dashboard. The company has confirmed that the incident was primarily triggered by a React programming bug that caused…
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development.
Governance-Driven Automation: How Flowable Is Redefining Digital Process Management
A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source…
Top 10 Best API Penetration Companies In 2025
Securing APIs is a critical cybersecurity challenge in 2025 as they are the backbone of modern applications and a prime target for attackers. API penetration testing is no longer an optional check; it’s a necessity for finding business logic flaw…
New APIsec University Training Modules Now Available in KnowBe4’s Diamond Library
We’re excited to announce the addition of six new training modules from APIsec University, now available at the Diamond Level in KnowBe4’s Security Awareness Training (KSAT) library.
Azure API Vulnerabilities Expose VPN Keys and Grant Over-Privileged Access via Built-In Roles
Token Security experts recently conducted a thorough investigation that exposed serious security weaknesses in Microsoft Azure’s Role-Based Access Control (RBAC) architecture. Azure RBAC, the backbone of permission management in the cloud platfor…