CISOs urged to fix API risk before regulation forces their hand https://www.helpnetsecurity.com/2025/07/08/report-enterprise-api-security-risks/ #cybersecurity #APIsecurity #securityROI #compliance #monitoring #regulation #Raidiam #report #survey #News #CISO
We had a great time at #apidays #Munich last week! Grayloggers Ramon Marquez and Jürgen Venhorst pulled out all the stops to welcome conference goers and talk to them about what's new and exciting with #Graylog.
Plus, Ramon had a chance to educate people about using runtime monitoring to detect and block low-volume attacks.
Didn't catch Ramon or Jürgen at the event? You can reach out here: https://graylog.org/contact-us/ or DM them through LinkedIn. #API #APIs #APIsecurity
API Sprawl Can Trip Up Your Security, Big Time – Source: securityboulevard.com https://ciso2ciso.com/api-sprawl-can-trip-up-your-security-big-time-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #CyberSecurityNews #SecurityAwareness #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #APIsecurity #APIsprawl #Security #SocialX
I'm giving a paid workshop on the #OWASP #APISecurity Top Ten with AntiSyphon training on September 19th, with a ranging pay scale. Check it out here:
Attention! The #GraylogGO #CFP deadline is TOMORROW—Friday, June 27th. Got questions about the GO CFP? We've got answers.
Q: Is this conference virtual, in-person, or both?
A: It's all virtual this year! So there's no travel or hotel costs involved.
Q: Are there different conference tracks?
A: Yes! There will be a Risk Management track and a Data Management track.
Q: I'd like to submit a speaking proposal but I'm not sure what to talk about. Do you have suggestions?
A: Yes! Take a look at this page for some great ideas and to submit your proposal. https://graylog.org/post/get-to-know-graylog-go/
What would you do if you discovered a #bug or #loophole that provided free lifetime service instead of the usual annual or monthly fees? I've been trying to reach out to the company for a year, sending emails and requesting contact with their #development or #security team, but I haven't received a response.
The #CEO is active on #X and #Meta, but I don't have accounts on those platforms, and I can't contact him directly anyway since DMs are disabled. Any suggestions?
The service still works after a year of using it.
Join Tanya Janca on November 5 for a 1-day, hands-on training session at OWASP Global AppSec USA 2025 and learn how to design and harden APIs the right way.
Secure your training spot now: https://owasp.glueup.com/event/131624/register/
There are many ways to attack an #API, and most attackers share the same goal—to steal as much sensitive info as possible without being detected. In worst-case scenarios, attackers use "low and slow" data exfiltrations to steal a few records at a time, over a long period of time.
Join Graylog's Ramon Marquez at #apidays Munich on July 3rd at 12:05 pm local time for "Hunting Silent Raiders: Detecting and recovering from 'low and slow' data exfiltrations." Learn how to use runtime monitoring to detect and block low-volume attacks, before entire datasets are stolen.
https://www.apidays.global/ #APIs #APIsecurity #cybersecurity #APIdaysmunich @apidaysglobal
Alright friends, it's Friday and you know what that means... you have THE WHOLE WEEKEND to work on your speaking proposal for #GraylogGO! The deadline to submit is June 27th, so you'll want to get on that—basically—now.
There will be two tracks at this year's virtual conference which takes place Sept. 16th-17th: Risk Management and Data Management. We welcome proposals from Graylog #Security and Enterprise customers as well as Graylog open source users. You don’t need to be a professional speaker—just someone with a story to tell!
Not sure what to talk about? Here are some ideas:
Customer success stories
Traditional or unique use cases
Upgrading from open source to Graylog Enterprise or Graylog Security
Migration to Graylog 6.1 or 6.2
Compliance and audit readiness using #Graylog
Threat detection, hunting, and incident response
System scaling, performance tuning, and integration workflows
Lessons learned, tips and tricks, or internal enablement strategies
Learn more and submit your proposal here. https://graylog.org/post/get-to-know-graylog-go/ #SIEM #cybersecurity #APIsecurity
Thank you for a great AWS re:Inforce this week! We came, we saw, and Rich Murphy conquered—with his presentation on Taming the Alert Avalanche.
It's been an epic conference season, and the festivities will continue with apidays Munich and #DEFCON33 coming up in July and August. See you there!
https://graylog.org/events/ #cybersecurity #infosec #SIEM #APIsecurity
#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:
#AppSec
#APIsecurity
https://trustedsec.com/blog/attacking-jwt-using-x509-certificates
Missed one of my past conference talks? Let’s fix that.
I’m sharing my favorites—packed with real-world advice, lessons, and a few laughs.
“Top Ten Security Tips for APIs” https://twp.ai/4in9ou
Identifying high-risk APIs across thousands of code repositories https://www.helpnetsecurity.com/2025/06/12/joni-klippert-stackhawk-apis-sensitive-data-detection/ #cybersecurity #APIsecurity #Don'tmiss #StackHawk #Features #Hotstuff #opinion #News #data
And... that's a wrap on #GartnerSEC! We had a fun and busy three days in National Harbor, MD.
Special shout out to Steve Mosley from Bitdefender, who stopped by to connect and party at our booth. The #Graylog booth is ALWAYS where you want to be at the #cybersecurity shows. Trust us!
We had a great time at Infosecurity Europe last week! Thank you to everyone who stopped by to chat with us about all things #Graylog during the show. If you didn't catch us there, we'll be at more exciting industry events in the near future... including:
AWS re:Inforce
API Days Munich
DEFCON 33
it-sa Expo&Congress
More info on our whereabouts. https://graylog.org/events/ #cybersecurity #APIsecurity #SIEM #logmanagement
Non-Human Identities: The Hidden Risk in Your Stack
Non-human identities (NHIs)—like API keys, service accounts, and OAuth tokens—now outnumber human accounts in many enterprises. But are you managing them securely? With 46% of organizations reporting compromises of NHI credentials just this year, it’s clear: these powerful, often-overlooked accounts are the next cybersecurity frontier.
Read The Hacker News article for more details: https://thehackernews.com/2025/06/the-hidden-threat-in-your-stack-why-non.html