Tag

Api

4 briefs RSS

OpenViking Authentication Bypass Vulnerability (CVE-2026-40525)

OpenViking versions prior to commit c7bb167 are vulnerable to an authentication bypass that allows remote attackers to invoke privileged bot-control functionality without authentication when the api_key configuration is unset or empty, potentially leading to unauthorized access to downstream systems and data.

CVE-2026-40525 authentication-bypass openviking api

2r 1t 1c 2w ago

critical advisory

Paperclip Cross-Tenant Agent API Key IDOR Vulnerability

3 rules 5 TTPs

A Paperclip API vulnerability allows a board user from one company to create, list, and revoke agent API keys in another company, leading to full cross-tenant compromise due to insufficient authorization checks on `/agents/:id/keys` routes.

idor cross-tenant api paperclip privilege-escalation

3r 5t 2w ago

high threat

Kimsuky Malware Using Dropbox API for Command and Control

2 rules 2 TTPs

Kimsuky is using malware that leverages the Dropbox API for command and control, enabling file exfiltration and remote code execution.

Kimsuky +4 dropbox api command-and-control exfiltration

2r 2t Mar 19, 2026

medium advisory

Okta API Token Revoked

2 rules 1 TTP

Detection of Okta API token revocation events, indicating potential unauthorized access or compromise.

Okta api token revocation identity

2r 1t Jan 3, 2024