webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
APIs in Peril: API Attacks Increasing
March 13, 2024
The number and severity of API attacks and vulnerabilities are increasing according to the API ThreatStats™2024 Report from Wallarm — there was a 30% increase in API-related Common Vulnerabilities and Exposures (CVEs) and security bulletins in 2023 compared to 2022.
Additionally, malicious requests involving APIs that Wallarm blocked rose significantly from 54% in 2022 to 70% in 2023.
These attacks aren't going unnoticed by the public. Half of the top 20 most mentioned vulnerabilities in Google Searches are API-related, indicating growing public awareness and concern about API security.
"The growth in malicious API requests and rising public awareness of APIs in 2023 prove that API security is growing increasingly crucial for business leaders and cybersecurity professionals to prioritize in their digital security strategies," said Ivan Novikov, CEO of Wallarm.
Source: Wallarm(link is external)
Injections and API leaks dominate top API security risks
Injections, which involve malicious data or code being inserted into an API that leads to unauthorized access and data breaches, nabbed the first spot on the "Top 10 API Security Risks for 2023" list.
Although a newer entry on the list, API leaks ranked fourth due to their potential for unrestrained disclosure of sensitive data, often through negligent methods. API leaks are often overlooked, as evidenced by their absence from the OWASP Top 10 threat list.
API security bugs rule the bounty game with 62% of rewards
In 2023, most bug bounties — ethical hackers that test and challenge major companies' security systems — were for API security: 62% of all bounty payments. Notably, API-related bounties are higher in value compared to other categories. The highest payout for an API bug was $15,000, three times larger than the highest non-API payout of $5,000.
Social media platform Snapchat had the highest bug bounty payout in 2023, signifying more major players see the importance of getting ahead of critical security flaws.
API security predictions for 2024 that demand immediate action
The report predicts there will be an intensified focus on emerging API data leaks as a significant risk in 2024, emphasizing the prevention of sensitive information breaches that include API keys and JWT tokens.
There will also be a shift towards adopting novel metrics for vulnerability triaging and an increased focus on addressing broken access control and authorization (BOLA) issues in API security strategies.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
