Security Boulevard

Why API Discovery Is the First Step to Securing AI

TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked.
CSOonline

APIs are the new perimeter: Here’s how CISOs are securing them

Today’s attack surface is shifting from the endpoint to the API, and AI and third-party SaaS are worsening the issue. CISOs offer advice for API defense. Recent breaches suggest attackers are shifting ...

Fake Google Antigravity Installer Can Steal Accounts in Minutes

Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies.
DataBreachToday

Bug Management in the Mythos Era: 'Assume You're Unpatched'

Thanks to Anthropic's Mythos presaging a world in which zero-day exploits are common, one cybersecurity expert says the new ...
AMBCrypto

‘Significantly accelerated by AI’ – Vercel breach adds to April’s crypto attack wave

How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...
Unite.AI

AI Agents Are Getting Smarter and Their Attack Surface is Getting Bigger

The moment AI agents started booking meetings, executing code, and browsing the web on your behalf, the cybersecurity conversation shifted. Not slowly, but instead overnight.What used to be a ...

Why Your SaaS Resources Aren’t As Secure As You Think

From CRM systems and collaboration tools to productivity suites and line-of-business applications, Software-as-a-Service ...
The Hacker News

The Hidden Security Risks of Shadow AI in Enterprises

Employees are using unapproved AI tools. Learn the risks of shadow AI, including data leaks and identity sprawl & how ...
TidBITS

Shutting Down SlackBITS After Impersonation-Based Malware Attack

A convincing impersonation of TidBITS contributor Glenn Fleishman on our public Slack group fooled an experienced IT ...
Dark Reading

Critical MCP Integration Flaw Puts NGINX at Risk

Attackers can abuse the near-maximum severity flaw in nginx-ui to restart, create, modify, and delete NGINX configuration ...
Startup Daily

Analysis of 200 education dept-endorsed school apps finds most are selling BS when it comes to the privacy of children’s data

Analysis of almost 200 school-endorsed apps found most start harvesting children’s data in seconds, contradicting their own ...
Communications of the ACM

Subscription Bombing: Email under Attack

Email subscription bombing (also known as subscription flooding or email spam bombing) is an attack technique that overwhelms ...