This article explains the design and functionality of the new Sanitizer API being integrated into browsers for HTML sanitization. It highlights how the API aims to prevent XSS vulnerabilities by eliminating the need for ambiguous parsing and ensuring context sensitivity during input processing.

This GitHub repository offers a comprehensive checklist for securing your digital life. It includes a website for easy navigation, a raw data file for modifications, and an API for accessing checklist data. Users can clone the repo, run it locally, or deploy it on various platforms.

SquareX's research reveals a concealed MCP API in the Comet browser that allows extensions to execute commands and access user devices without permission. This breach of security principles raises concerns about potential exploitation and the lack of transparency surrounding embedded extensions.

Xano offers a fast way to create production-ready backends, including APIs and databases, without extensive coding. It features visual editing, AI-assisted logic, and strong security measures, making it suitable for developers who need to scale applications efficiently.

Xano provides a streamlined solution for creating APIs, databases, and server-side logic without extensive coding. It allows users to visually design workflows and integrate AI capabilities, all while ensuring robust security and compliance. Ideal for developers needing quick deployment and scalability.

This article outlines the opportunities for developers to create applications using Ring's video APIs. It highlights various use cases, such as safety monitoring and business analytics, and encourages developers to join the Ring Developer Program for early access to tools and resources.

Kubernetes v1.35 introduces an opt-in feature for CSI drivers to receive service account tokens through a dedicated secrets field instead of the volume context. This change aims to improve security by preventing accidental logging of sensitive tokens and standardizing how they are handled. Drivers can opt-in at their own pace, ensuring backward compatibility.

Tailsnitch audits Tailscale networks for misconfigurations and security issues. It checks for over 50 potential problems, including access control flaws and best practice violations, and provides options to fix issues directly through the Tailscale API. Users can customize reports and ignore known risks.

IBM is warning customers about a critical vulnerability in its API Connect platform that could let remote attackers bypass authentication and gain unauthorized access to applications. The flaw affects specific versions of the software and requires immediate patching or disabling self-service sign-up to mitigate risks.

A security engineer found over 17,000 exposed secrets in public GitLab repositories after scanning 5.6 million projects. The researcher used TruffleHog to identify sensitive data like API keys and tokens, discovering a higher secret density than previous scans on Bitbucket. Many organizations responded by revoking their compromised secrets.

The article discusses a major security incident where 30,000 public Postman workspaces exposed sensitive information like API keys and tokens. It highlights the risks faced by various industries, real-world consequences of these leaks, and the factors leading to such vulnerabilities.

A security researcher discovered a vulnerability in Filevine's API that allowed access to over 100,000 confidential files from a law firm. The researcher responsibly reported the issue, which was promptly addressed by Filevine, demonstrating the importance of transparency in handling security flaws.

The FBI has shared 630 million passwords with Troy Hunt to help organizations block potential account takeovers. This data, some of which is newly identified, adds to the existing database and enhances security measures against cybercrime. Hunt emphasizes the importance of using this information to protect accounts effectively.

OpenAI has cut ties with Mixpanel following a data breach that exposed user profile information linked to its API. While typical ChatGPT users are not affected, OpenAI is notifying impacted API users and reviewing security measures across its vendors. The breach involved names, emails, and location data, raising concerns about potential phishing attempts.

This article discusses how TwelveLabs transforms video into searchable data. It highlights features like scene and speech recognition, text generation from video, and enterprise-grade APIs for performance and security. Users can test the service with their own videos or request a demo.

XBOW Lightspeed offers rapid, expert-level penetration testing for internet-accessible applications. Tests deliver detailed reports within days, meeting various compliance standards. Pricing starts at $4,000 per test.

A vulnerability in the legacy Stripe API has been exploited by attackers to validate stolen credit card information. This exploitation allows unauthorized access to sensitive payment data, raising concerns over the security of outdated APIs in financial systems. Immediate measures are recommended for affected users to mitigate potential risks.

Azure DevOps is implementing a change where newly generated OAuth client secrets will only be displayed once at creation, enhancing security and aligning with industry best practices. The Get Registration Secret API will also be retired to prevent misuse, and users must adapt their workflows accordingly before September 2, 2025.

OpenAIPot is a deceptive API gateway designed to detect unauthorized usage of OpenAI API keys by acting as a honeypot. It forwards legitimate requests while injecting deceptive content for lure API keys, incorporates security controls such as IP allowlisting and rate limiting, and offers comprehensive logging for monitoring and analysis of potential attacks.

An OpenAI-compatible API can be effectively deployed using AWS Lambda and an Application Load Balancer (ALB) to bypass the limitations of API Gateway's authentication requirements. By setting up the ALB to route traffic directly to the Lambda function, developers can maintain a seamless integration with the OpenAI Python client, ensuring a consistent API experience. This approach offers flexibility and security when exposing custom AI services.

uuidv47 enables the storage of sortable UUIDv7 in databases while presenting a UUIDv4-like facade at the API level. It employs a deterministic and invertible mapping through a keyed SipHash-2-4 stream, ensuring security and compatibility with RFC standards. The library includes a PostgreSQL extension and offers full testing and performance benchmarks.

A survey of over 1,200 CIOs, CISOs, and security professionals reveals the significant impacts of API security incidents on profits, stress levels, and credibility, with 84% of enterprises having experienced such incidents. The report highlights the reasons behind these occurrences and identifies gaps in API inventories, testing, and risk assessment practices.

The article discusses the evolving role of API gateways in software architecture, highlighting various design patterns and trends anticipated for 2025. It emphasizes the importance of flexibility, security, and scalability in managing APIs effectively in modern applications. Key considerations for developers and organizations looking to implement or upgrade their API gateways are also outlined.

API developers must be aware of various HTTP edge cases that can lead to serious vulnerabilities and performance issues. The article discusses critical problems such as range header mishandling, content-type enforcement, and request smuggling, emphasizing the importance of proper configuration and validation in web applications.

The blog explores the use of various APIs, specifically the Graph API, Azure Monitor API, and Defender ATP API, for enhancing security operations and automating threat detection. It provides insights into the available data, permissions required, limitations, and includes ready-to-use PowerShell scripts for executing KQL queries across these APIs. A focus is placed on best practices for querying and the advantages of using the Graph API for comprehensive data access.

SecHub is a free and open-source security platform that provides a central API for testing software with various security tools, enhancing application security throughout the software development lifecycle. It orchestrates multiple security and vulnerability scanners, allowing teams to identify and address potential vulnerabilities in source code, binaries, and web applications efficiently. SecHub offers a streamlined user workflow for scanning and reporting, supporting integrations with CI/CD pipelines and various IDEs through plugins.

Recursive Request Exploits (RRE) is a new technique that automates the tracing of API chains to identify vulnerabilities in digital entitlements, such as video streams. By following the app's business logic, it allows users to discover unauthenticated requests that could be exploited to bypass access controls. The associated Burp extension simplifies this process, enabling security professionals to effectively trace and exploit low-trust inputs for high-value outputs.

Centia.io offers a secure SQL API that allows users to query data over HTTP or WebSocket with support for JSON-RPC methods. It features built-in security measures such as OAuth2, row-level security, and rate limiting, making it a developer-friendly solution backed by Postgres. The platform provides intuitive SDKs and a friendly CLI for data management.