API economy

August 9, 2025

FireTail at Black Hat USA 2025: Finalist in the Startup Spotlight

FireTail was one of four startups selected as a finalist in the Black Hat USA 2025 Startup Spotlight Competition. This week was unforgettable and reaffirmed the urgent demand for AI security solutions.



May 14, 2025

Closing the Loop: Continuous API Security Testing

APIs power all of the connections we take for granted in the modern internet. But as we rely on them more for new technologies like AI, securing them is harder than ever. That’s why continuous API security testing is an essential part of every cybersecurity posture.



April 11, 2025

The New CIS API Security Guide

It’s here! The New CIS Guide for API Security provides teams with actionable steps for their own API security postures. API use is skyrocketing with the recent adoption of AI, and security teams are struggling to keep up with the rising threats. That’s where the CIS Guide comes in.



March 20, 2025

Tomcat RCE Vulnerability Now Exploited in the Wild

Researchers recently found a vulnerability in Apache Tomcat’s servers that would allow an attacker to commit Remote Code Execution with a single PUT request to a specific API, followed by a GET. And now, this vulnerability is officially being exploited in the wild.



February 18, 2025

What We Can Learn from The New Malware Abusing Microsoft

Today’s cyber landscape is littered with threats, risks, and vulnerabilities. Every week, we are seeing an increase not only in attacks, but also in the methods used to attack. This week, a new family of malware was discovered exploiting Microsoft’s Graph API.



February 18, 2025

AI & API: Double Rainbow for Cybersecurity

AI security and API security run alongside each other, much like a double rainbow. Each one contains a full spectrum of security requirements that work in tandem with one another.



October 16, 2024

Star Health Data Leak: The Call is Coming from Inside the House

Star Health suffered a massive data leak via API access. The personal information of millions of victims has been compromised, and worst of all, there may have been an insider who facilitated the breach.



October 15, 2024

Ecovacs Hurl Obscenities at Unsuspecting Users

Ecovac customers in Australia were startled when their vacuums began talking back to them, most notably using racial slurs. This was made possible through remote access and manipulation of the “smart” devices.



September 10, 2024

MoveIT Breaches have Lasting Impacts on Wisconsin Medicare

In Wisconsin, nearly a million Medicare users’ personally identifiable information has been exposed as a result of the moveIT breaches of yester-year.



August 2, 2024

Selenium Grid Target of Malware Attack

There is also a massive lack of awareness around APIs and API endpoints. Many developers buy 3rd party software packages without realizing that they contain a variety of APIs with their own unique vulnerabilities.



July 23, 2024

Google Cloud Security Threat Horizons Report #10

Google Cloud Security released an updated Threat Horizons report containing information about the top security risks. Here are our notes from the report.



July 19, 2024

Life 360 Phone Number Leak

Location-sharing services, like much of the modern internet, are powered by APIs. Because these APIs handle personally identifiable information such as addresses, phone numbers and more, breaches in these apps can lead to serious safety issues for users everywhere.



July 19, 2024

Apache Hugegraph Under Attack

With new API threats popping up every day, no one is safe from vulnerability. This is especially dangerous when it comes to large, widely used servers such as Apache HugeGraph.



July 1, 2024

New Cryptomining Campaigns Use Exposed Docker APIs

A new type of API attack has been discovered- and it’s particularly pernicious. The target? Exposed Docker APIs. The objective? Spreading cryptojacking malware.



June 13, 2024

Sensitive Meeting Data Left Vulnerable to Cyber Infiltration

Let’s talk about a recent example of an API vulnerability that was exploited to gain access to data within the German government.



June 10, 2024

When the Internet Connects to You

Researcher Sam Curry recently discovered some alarming vulnerabilities in his modem, a Cox Panoramic wifi gateway. It all started when he noticed an unknown IP address was copying his same HTTP requests.



May 20, 2024

The State of API Security 2024

We're excited to announce the release of our latest State of API Security 2024 report! With the rapid adoption of microservice-based architectures, cloud-native solutions, containerization, and AI, the API attack surface is expanding faster than ever.



April 23, 2024

APIs at the Edge of Modern Cloud Apps

The cloud might be a popular talking point, but the edge of the cloud – where APIs and distributed computing intersect – is the true unsung hero of modern cloud application development and deployment. Today, we’re going to look at APIs at the edge of modern cloud applications.



April 17, 2024

APIs and Competitive Advantage in the Travel Sector

In the travel sector, securing a competitive edge is vital. In a hyperconnected industry, where demand fluctuates, pricing is dynamic and customers have endless options, efficient and well-secured APIs can make a huge difference.



March 13, 2024

The Importance of APIs in FinTech Ecosystems

Fintech is a growing industry, and with this growth comes data. With data - and the sensitivity of the data in financial services in particular - comes the need to implement security solutions effectively at scale. Thankfully, fintech providers can turn to many readily available solutions to increase their security posture and deliver better, more secure products at scale.



February 27, 2024

Connecting the Dots: API Security for Building Modern Internet Services

The modern web is more connected than ever before. The move from monoliths to containerization and microservice-based architectures means API security is a must. In this blog, we look at what it takes to build secure modern internet services.



January 17, 2024

Disclosure: Work Application Vulnerability

FireTail CTO Riley found a web application vulnerability. He noticed when the app was open, and he had tools open, one of the requests was going to an API instead of a web application.



November 13, 2023

API Gateways: Great for Management but Not for Security

Gateways are great, but not for security. API gateways are useful when it comes to API management but they were never designed with security in mind. They can't actively monitor API traffic, they don’t see inside payloads or detect real-time manipulation. They won’t stop most API attacks.



November 2, 2023

Unsecured APIs are now a Popular Delivery Mechanism in Ransomware Attacks

As they continue to rise in use, APIs are becoming a critical attack surface for ransomware groups.



September 27, 2023

FireTail Now Available on AWS Marketplace

The addition of FireTail marks a significant milestone in our mission to provide state-of-the-art API security solutions to organizations around the world. Now, AWS customers can unleash the power of FireTail quickly, easily and confident in the knowledge that the platform integrates perfectly with their cloud environment.



September 24, 2023

Disclosure: European Shipping Company

FireTail researcher Viktor Markopoulos discovered a vulnerability in a European Shipping Company’s APIs that allowed him to download internal files without authentication.



August 30, 2023

API Days Connect Hong Kong

We were delighted to have the opportunity to present at Apidays Hong Kong this year. The hybrid event was a wonderful way to connect with some of the brightest minds in API security from all across the region and our CEO, Jeremy Snyder, took to the stage to deliver a talk entitled ‘API Security: Analysis of Breaches, Attack Vectors and Strategies.’ Watch the full presentation now…

