The API vulnerabilities nobody talks about: excessive data exposure
TLDR: Excessive Data Exposure (leaking internal data via API responses) is the silent, pervasive threat that is more dangerous than single dramatic flaws like SQL…
Category: Mix
Cyber Awareness Month: Vulnerabilities beware this Halloween
We couldn’t let Cybersecurity Awareness Month slip by without posting a bit of a fun blog on the topic, with a Halloween twist! Launched by…
![[tl;dr sec] #302 - LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered Malware](https://image.cybernoz.com/wp-content/uploads/2025/10/tldr-sec-302-LLM-Honeypot-Catches-Threat-Actor-Supply.png)
[tl;dr sec] #302 – LLM Honeypot Catches Threat Actor, Supply Chain Compromise Survey, AI-powered Malware
CAB This week Semgrep had our Customer Advisory Board (CAB), where I got to hang out with and learn from a bunch of security leaders…
New API testing category now available
Our API scanner can test for dozens of vulnerability types like prompt injections and misconfigurations. We’re excited to share today that we’re releasing vulnerability tests…
Intigriti partners with Shield to empower security within healthcare
Antwerp, Belgium, Oct. 23, 2025. Intigriti, a global crowdsourced security provider, is delighted to announce its latest partnership with non-profit Shield vzw within the framework agreement with…
Can Burp AI hack a website? CyberMaddy explores the new agentic capabilities in Burp AI | Blog
Amelia Coen | 22 October 2025 at 13:15 UTC In her latest video, CyberMaddy dives into the world of AI-driven ethical hacking, exploring how Burp…
Burp AI takes on a vulnerable web app: watch Tib3rius put Burp’s new agentic capabilities to the test | Blog
Amelia Coen | 22 October 2025 at 12:59 UTC What happens when you set Burp AI loose on a deliberately vulnerable web app? In his…
AWS Outage: Lessons Learned —
What can we learn from the recent AWS outage, and how can we apply those lessons to our own infrastructure? What Happened? On October 20,…
Key API Security Takeaways from the Postman 2025 State of API Report — API Security
API security has never been more important because modern APIs are operational necessities. Unfortunately, many organizations are failing to adapt their security models to a…
Metanarrative Prompt Injection · Joseph Thacker
When exploiting AI applications, I find myself using this technique really often so I figured I’d write a quick blog about it. I call it…
Reflected XSS: Advanced Exploitation Guide
Cross-site scripting vulnerabilities are, by no doubt, one of the vulnerability types that’ll keep haunting applications for a long time. This seamless injection bug can…
Reflected XSS: Advanced Exploitation Guide
Cross-site scripting vulnerabilities are, by no doubt, one of the vulnerability types that’ll keep haunting applications for a long time. This seamless injection bug can…