#auth

In today's networked digital world, application programming interface (API) security is a crucial component in safeguarding private information and strengthening the integrity of online transactions. The potential for attack has increased dramatically as a result of the growing use of applications that depend on APIs to communicate across systems and services.It's also important to protect against malevolent actors who try to take advantage of API vulnerabilities for illegal access, data breaches and service interruptions. Strong API security measures are needed to establish trust, reduce risk

Data-rich and resource-poor, schools and libraries around the country make attractive targets for cybercriminals looking for an easy score, but a new federal program is looking to aid their defenses by providing much-needed financial support.

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any member to or from any teams. The vulnerability stems from insufficient access control checks in various team management endpoints, enabling attackers to exploit these functionalities without proper authorization.

A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.

With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.

The combined skills from Beazley's cybersecurity services team and Lodestone will go into the company's new managed extended detection and response (MXDR) service.

A report in March found that 72% of cryptocurrency projects had died since 2020, with crypto trading platform FTX’s downfall taking out many of them in one fell swoop.

While Progress has released patches for the vulnerabilities, attackers are trying to exploit them before organizations have a chance to remediate.

Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.

Researchers have found an online repository leaking sensitive data, including driving licenses and other identity documents.