APIsecurity.io

In issue #288 we look at how long-standing API security failures are being amplified by automation, AI, and increasingly aggressive exploitation timelines.  apisecurity.io/issue-288-42cr…

Attackers With Decompilers Strike Again labs.watchtowr.com/attackers-with…

Thinking of connecting AI to your APIs? Best make sure your APIs are secure first. This article from Kristopher Sandoval outlines some of the risks nordicapis.com/6-big-risks-of…

A good guide on the benefits of an API-first strategy from Adrian Moto, worth a read: nordicapis.com/a-software-arc…

BOLA, the top API vulnerability identified by OWASP, and yet, companies continue to get hacked because of it. This is probably one of the best ones I have read about BOLA Have a read and let me know what you think? hackernoon.com/the-authorizat…

Best wishes for 2026 to you all! Now if you missed it here is an advisory from IBM: Authentication bypass in IBM API Connect - ibm.com/support/pages/…

On behalf of everyone here in 42Crunch who curate the APIsecurity.io newsletter, website and social posts, we would like to thank you for your continued readership and wish you the very best for the festive season and health and happiness for you and yours in 2026!

700Credit data breach caused by compromised third-party API. cbtnews.com/700credits-ken… #apisecurity #apibreach

Why MCP Shouldn’t Wrap an API One-to-One nordicapis.com/why-mcp-should… #MCP #AIagent #API

Final issue in 2025. We list the 5 most frequent API vulnerabilities covered in the newsletter this year, highlighting common mistakes teams make in API development and where security efforts can deliver the biggest opportunity to reduce risk. apisecurity.io/issue-286-the-…

Issue 285 is out now. API vulnerabilities affecting Avelo Airlines, WhatsApp, and Oracle; an incident notification from OpenAI; a survey on the role of API security in agentic AI systems; and an article examining the risks from AI-generated software. apisecurity.io/issue-285-api-…

WhatsApp API flaw let researchers scrape 3.5 billion accounts bleepingcomputer.com/news/security/…

Why APIs and API security-first are critical In The Age Of Ai smbtech.au/thought-leader…

Threat Intelligence: Analysis of the NOFX AI Automated Trading Vulnerability slowmist.medium.com/threat-intelli…

The OWASP Business Logic Abuse Top 10 complements and enhances existing OWASP Top 10 projects by providing a cross-domain focus on business logic vulnerabilities that transcend technology stacks owasp.org/www-project-to…

APIs: the hidden foundation of AI governance business-reporter.co.uk/ai--automation… #apis #AI

In issue 284, vulnerabilities in trusted AI platforms, a blog post claiming an API BOLA vulnerability at Mercury Energy New Zealand, a recent interview exploring a range of API security topics and news of a new OWASP Top 10 list. apisecurity.io/issue-284-owas… #apisecurity #AIsecurity

65% of Leading AI Companies Found With Verified Secrets Leaks including API Keys infosecurity-magazine.com/news/leading-a…

"..APIs are not just developer conveniences, they are business-critical assets that demand the same rigor as financial systems or customer databases..." betanews.com/2025/11/03/whe… #APIsecurity

LLMs and AI pose a potential risk that API developers can’t afford to ignore. nordicapis.com/how-llms-are-b… #APIsecurity #AI #LLM