Dark Reading

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

Critical API security flaws have put millions of users at risk for account takeover, by using a modern authentication standard to resurrect a longtime vulnerability. The bugs were found in the Hotjar ...
CSOonline

Web app, API attacks surge as cybercriminals target financial services

Web application and application programming interface (API) attacks against the global financial services industry grew by 65% in Q2 2023 compared to Q2 2022, accounting for nine billion attacks in 18 ...
Bleeping Computer

CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. The security flaw (CVE-2023-43770) is a persistent ...
CSOonline

A third of web attacks targeted APIs in 2023, threatening the expanding API economy

API security often receives inadequate attention, either overlooked in early planning stages or failing to match the pace of rapid technological deployment. APIs were the target of 29% of web attacks ...
TechRepublic

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot

Akamai’s new study: Bots, phishing and server attacks making commerce a cybersecurity hotspot Your email has been sent Bots raining on retail drive flood in commerce attacks Led by LFI attacks, web ...