12 links
tagged with all of: api + security
Links
A vulnerability in the legacy Stripe API has been exploited by attackers to validate stolen credit card information. This exploitation allows unauthorized access to sensitive payment data, raising concerns over the security of outdated APIs in financial systems. Immediate measures are recommended for affected users to mitigate potential risks.
Azure DevOps is implementing a change where newly generated OAuth client secrets will only be displayed once at creation, enhancing security and aligning with industry best practices. The Get Registration Secret API will also be retired to prevent misuse, and users must adapt their workflows accordingly before September 2, 2025.
OpenAIPot is a deceptive API gateway designed to detect unauthorized usage of OpenAI API keys by acting as a honeypot. It forwards legitimate requests while injecting deceptive content into responses for lure (decoy) API keys, incorporates security controls such as IP allowlisting and rate limiting, and offers comprehensive logging for monitoring and analysis of potential attacks.
An OpenAI-compatible API can be effectively deployed using AWS Lambda and an Application Load Balancer (ALB) to bypass the limitations of API Gateway's authentication requirements. By setting up the ALB to route traffic directly to the Lambda function, developers can maintain a seamless integration with the OpenAI Python client, ensuring a consistent API experience. This approach offers flexibility and security when exposing custom AI services.
A survey of over 1,200 CIOs, CISOs, and security professionals reveals the significant impacts of API security incidents on profits, stress levels, and credibility, with 84% of enterprises having experienced such incidents. The report highlights the reasons behind these occurrences and identifies gaps in API inventories, testing, and risk assessment practices.
uuidv47 enables the storage of sortable UUIDv7 in databases while presenting a UUIDv4-like facade at the API level. It employs a deterministic and invertible mapping through a keyed SipHash-2-4 stream, ensuring security and compatibility with RFC standards. The library includes a PostgreSQL extension and offers full testing and performance benchmarks.
SecHub is a free and open-source security platform that provides a central API for testing software with various security tools, enhancing application security throughout the software development lifecycle. It orchestrates multiple security and vulnerability scanners, allowing teams to identify and address potential vulnerabilities in source code, binaries, and web applications efficiently. SecHub offers a streamlined user workflow for scanning and reporting, supporting integrations with CI/CD pipelines and various IDEs through plugins.
The blog explores the use of various APIs, specifically the Graph API, Azure Monitor API, and Defender ATP API, for enhancing security operations and automating threat detection. It provides insights into the available data, permissions required, limitations, and includes ready-to-use PowerShell scripts for executing KQL queries across these APIs. A focus is placed on best practices for querying and the advantages of using the Graph API for comprehensive data access.
API developers must be aware of various HTTP edge cases that can lead to serious vulnerabilities and performance issues. The article discusses critical problems such as range header mishandling, content-type enforcement, and request smuggling, emphasizing the importance of proper configuration and validation in web applications.
The article discusses the evolving role of API gateways in software architecture, highlighting various design patterns and trends anticipated for 2025. It emphasizes the importance of flexibility, security, and scalability in managing APIs effectively in modern applications. Key considerations for developers and organizations looking to implement or upgrade their API gateways are also outlined.
Recursive Request Exploits (RRE) is a new technique that automates the tracing of API chains to identify vulnerabilities in digital entitlements, such as video streams. By following the app's business logic, it allows users to discover unauthenticated requests that could be exploited to bypass access controls. The associated Burp extension simplifies this process, enabling security professionals to effectively trace and exploit low-trust inputs for high-value outputs.
Centia.io offers a secure SQL API that allows users to query data over HTTP or WebSocket with support for JSON-RPC methods. It features built-in security measures such as OAuth2, row-level security, and rate limiting, making it a developer-friendly solution backed by Postgres. The platform provides intuitive SDKs and a friendly CLI for data management.