As API attacks grow in frequency, it's important to defend against them. Understand how API vulnerabilities differ from those associated with web apps and which areas hackers target.

New Linux malware uses Dogecoin API to find C&C server addresses Security researchers discover Doki, a new backdoor malware strain targeting Docker instances.

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.

A normal response to XSS attacks is to patch the vulnerability, invalidate session cookies so that everyone is forced to re-authenticate, and optionally force a password change.