Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.
API security has been a growing concern for years. However, while it was always seen as important, it often came second to application security or hardening infrastructure. In 2025, the picture ...
The shadow technology problem is getting worse. Over the past few years, organizations have scaled microservices, ...
OpenAI launches EVMbench with Paradigm to test AI on smart contract vulnerabilities and commits $10M to cybersecurity research.
Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
CleanTalk WordPress plugin vulnerability affecting up to 200,000 sites could lead to remote code execution by unauthenticated attackers.
CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.
CVE-2026-2329 allows unauthenticated root-level access to SMB phones, so attackers can intercept calls, commit toll fraud, and impersonate users.
Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.
Also today, SAP released 27 new and updated security notes, including two that address critical-severity vulnerabilities. Jonathan Stross, SAP security analyst at Pathway, drew attention to a code ...
Rest Assured “VentiAPI”, by Master of Information and Cybersecurity grads Karl-Johan Westhoff, Bleu Strong, Jenny Garcia, and Tyler Heslop, helps organizations find and fix vulnerabilities in their ...
Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...