Search Results: APIsecurity

A critical API flaw in Lovense's connected sex toy platform allows attackers to map usernames to private email addresses in under one second, putting 20 million users at risk of doxxing and harassment. Despite researchers disclosing the vulnerability in March 2025, the company estimates a 14-month remediation timeline due to legacy app compatibility concerns.

Intruder's new open-source tool Autoswagger scans exposed API documentation to uncover dangerous broken authorization vulnerabilities. Testing revealed sensitive data exposures at major enterprises, highlighting how publicly accessible schemas create attack surfaces attackers exploit.

A viral Hacker News thread exposes widespread vulnerabilities in popular API rate limiting implementations, with security researchers demonstrating how attackers bypass common safeguards. Developers share novel evasion techniques and propose robust mitigation strategies.