More companies are announcing the impact of the Salesloft Drift breach, a supply chain attack targeting business-to-business third-party integrations. Testing 3rd party API integrations for security is as important as testing your own APIs for security vulnerabilities.

In Issue 279, we highlight the common vulnerabilities that continue to surface across government web portals and security platforms to industrial equipment, home devices, and even service robots at your local restaurant. apisecurity.io/issue-279-tax-…

Security teams need to address MCP compositional risk by design, not as an afterthought. scworld.com/perspective/wh…

Argo CD fixes API Vulnerability that exposed repository credentials cybersecuritynews.com/argo-cd-api-vu…

Robust Security Reviews of AI-Generated Code Required, Warns Study bankinfosecurity.com/coding-ai-assi…

Critical API security flaw in Adobe's Commerce and Magento Open Source platforms thehackernews.com/2025/09/adobe-…

SwissBorg lost $41M in SOL (Solana crypto) after hack exploited partner Kiln’s API. swissborg.com/blog/sol-earn-…

New variant of malware targeting exposed Docker APIs aims to block API access hackread.com/new-docker-mal…

Critical API vulnerabilities in solar power devices, API directory traversal flaws affecting LG Smart TVs, common weaknesses in the APIs for password-reset services, and the Stack Overflow Developer AI Survey. apisecurity.io/issue-280-sola…

Cybersecurity study finds LLMs can improve accuracy and consistency in routine decisions but can increase automation bias and overconfidence. It suggests LLMs should not be treated as a static answer engine, but instead used as an adaptive collaborator. arxiv.org/pdf/2509.06595

The OpenAPI Initiative publishes v3.2 of the OpenAPI specification and a patch for v3.1 (3.1.2) spec.openapis.org/oas/v3.2.0.html spec.openapis.org/oas/v3.1.2.html

Nokia CBIS/NCS Manager API Vulnerability Allows Attackers to Bypass Authentication gbhackers.com/nokia-cbis-ncs…

Some interesting stats and recommendations from the @zimperium global mobile threat report. Once APIs are embedded in app code they turn every app into an attack surface...extend protection into the app itself by hardening APIs... zimperium.com/blog/mobile-ap…

Lovense - A story of neglected API vulnerabilities kaspersky.com/blog/lovense-v…

Apache Airflow 3.0.3: Connection sensitive details exposed to users with READ permissions lists.apache.org/thread/jg3jo9l…

As attacks and vulnerabilities rise, defenders need to rethink strategies securityboulevard.com/2025/09/as-har…

Issue 281 of the APIsecurity.io newsletter is out now. In this issue we examine OneLogin's API data leak, Cloudflare’s accidental API DoS, a critical Entra ID vulnerability, incidents of mass assignment and excessive data and more.. apisecurity.io/issue-281-onel… #apisecurity

Security gaps across 50 biotech platforms — from exposed DNA data to unauthenticated APIs. sekurno.com/biotech-cybers…

Kibana CrowdStrike Connector Vulnerability Exposes Protected Credentials cyberpress.org/kibana-crowdst…