appsec.fyi · Sources

paloaltonetworks.com

6 curated AppSec resources from paloaltonetworks.com across 4 topics on appsec.fyi.


Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-27.

Date Added · Resource (year, topic) · Excerpt

2026-04-27 · Bitwarden CLI Impersonation Attack Steals Cloud Credentials and Spreads Across npm Supply Chains (2026, Supply Chain)
Writeup of the `@bitwarden/cli` npm supply chain attack attributed to TeamPCP, detailing its worm-like propagation across AWS, Azure and GCP by harvesting secrets from local filesystems, environment variables and cloud secret managers. The malicious package, version 2026.4.0, impersonated the legitimate Bitwarden CLI and reached thousands of users before detection, affecting developer workstations and CI/CD pipelines.

2026-04-22 · What Is Broken Object Property Level Authorization? (2026, API Sec)
Guide to Broken Object Property Level Authorization (API3:2023, third on the OWASP API Security Top 10), detailing how APIs that correctly check access to an object still fail to restrict access to individual fields within it. It covers how the flaw manifests in REST and GraphQL APIs (over-exposed responses and mass assignment on writes), its business impact, and how to implement granular property-level access controls that prevent unauthorized reading or modification of sensitive fields such as internal identifiers or account status.

2026-04-22 · What Is Broken Object Level Authorization? (2026, API Sec)
Reference detailing Broken Object Level Authorization (BOLA, API1:2023), the top API security risk according to OWASP. The vulnerability arises when an API grants a caller access to an endpoint but fails to verify that the caller is entitled to the specific object requested, so an attacker can swap object identifiers in the request (for example direct object references in RESTful URLs) to read or modify other users' data. The resource contrasts BOLA with Broken Function Level Authorization (BFLA): BOLA is parameter manipulation within an endpoint the caller is allowed to use, whereas BFLA is reaching a function the caller should not have at all.

2026-04-11 · Widespread npm Supply Chain Attack: Billions at Risk (2026, Supply Chain)
Analysis of a widespread npm supply chain attack on 18 popular packages, including debug, chalk and ansi-styles, which together see billions of downloads a week. The attack, initiated through phishing and compromise of a maintainer account, injected crypto-stealing malware that hijacks cryptocurrency transactions by silently swapping destination addresses before the user signs. The incident illustrates the risk concentrated in the open-source software supply chain and the need for controls that stop malicious code propagating through development pipelines and cloud environments.

2026-04-10 · What Is CSRF? - Palo Alto Networks (2026, CSRF)
Reference defining CSRF (CWE-352), a web application attack that abuses session-based authentication to make an authenticated user's browser submit requests the user did not intend. Because the browser automatically attaches session cookies to requests for the target site, the attacker's page can trigger state-changing actions on the user's behalf without their knowledge or consent, such as changing settings or initiating transactions. The reference also maps CSRF to a supporting role in MITRE ATT&CK techniques such as T1530.

2026-03-01 · What Is Server Side Request Forgery? - Palo Alto Networks (2026, SSRF)
Reference detailing Server Side Request Forgery (SSRF, API7:2023 in the OWASP API Security Top 10), a vulnerability in which an attacker makes the application server fetch a URL of their choosing, turning it into a proxy for reaching internal resources. The content explains how SSRF works, real-world exploitation techniques, business impact, how to identify the flaw, and prevention strategies. It highlights the amplified risk in cloud-native architectures, where instance metadata services and internal control planes are reachable from the application, and cross-references other OWASP API Security Top 10 risks such as Broken Object Level Authorization (API1:2023), Broken Authentication (API2:2023) and Security Misconfiguration (API8:2023).
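The two authorization entries above describe the same endpoint failing at two levels: the object (any authenticated caller can fetch any account id) and the property (the response and the update path expose fields the caller should never see or set). The following is an added example, not code from the Palo Alto Networks references or from appsec.fyi; the account records, the `owner`/`admin` roles and the readable/writable field allowlists are constructed for illustration. It shows a vulnerable handler beside a hardened read and write.

```python
"""Object-level (BOLA) and property-level (BOPLA) authorization for a
REST-style "account" endpoint. Added example, not code from the Palo Alto
Networks references listed above; the account records, roles and field
allowlists below are constructed for illustration."""
from dataclasses import dataclass, field

# Constructed sample data: two users, each owning one account record.
ACCOUNTS = {
    101: {"id": 101, "owner": "alice", "email": "alice@example.test",
          "balance": 250, "status": "active", "internal_risk_score": 17},
    102: {"id": 102, "owner": "bob", "email": "bob@example.test",
          "balance": 900, "status": "suspended", "internal_risk_score": 88},
}

# Property-level policy (assumed): fields each effective role may read/write.
READABLE = {
    "owner": {"id", "email", "balance", "status"},
    "admin": {"id", "owner", "email", "balance", "status", "internal_risk_score"},
}
WRITABLE = {
    "owner": {"email"},
    "admin": {"email", "status", "internal_risk_score"},
}


@dataclass
class Request:
    user: str        # authenticated principal, taken from the session
    role: str        # "user" or "admin", taken from the session, never from the body
    account_id: int  # object identifier taken from the URL path
    body: dict = field(default_factory=dict)


class Forbidden(Exception):
    pass


def get_account_vulnerable(req):
    """BOLA + BOPLA: any authenticated caller supplies any id and gets every field."""
    return dict(ACCOUNTS[req.account_id])


def _authorize(req):
    """Object-level check. Unknown ids and other users' ids fail identically,
    so a caller cannot enumerate which identifiers exist."""
    record = ACCOUNTS.get(req.account_id)
    if record is None:
        raise Forbidden("no access to requested account")
    if req.role == "admin":
        return record, "admin"
    if record["owner"] == req.user:
        return record, "owner"
    raise Forbidden("no access to requested account")


def get_account(req):
    """Hardened read: ownership first, then an allowlist of properties."""
    record, role = _authorize(req)
    return {k: v for k, v in record.items() if k in READABLE[role]}


def update_account(req):
    """Hardened write: reject any property the role may not set, rather than
    merging the whole request body into the record (mass assignment)."""
    record, role = _authorize(req)
    disallowed = set(req.body) - WRITABLE[role]
    if disallowed:
        raise Forbidden(f"fields not writable by {role}: {sorted(disallowed)}")
    record.update(req.body)
    return get_account(req)


def denied(handler, req):
    """True if the handler refuses the request."""
    try:
        handler(req)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    alice_reads_bob = Request("alice", "user", 102)
    print("vulnerable handler returns:", get_account_vulnerable(alice_reads_bob))
    print("hardened handler denies:", denied(get_account, alice_reads_bob))
    print("alice's own view:", get_account(Request("alice", "user", 101)))
```

The role comes from the session, not from the request, and the write path rejects unknown fields outright instead of silently dropping them; a silently ignored `status` field hides an attack attempt that should be logged.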
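The CSRF entry above turns on one fact: the browser attaches the session cookie to a cross-site form post just as it does to a legitimate one, so a handler that authorizes on the cookie alone accepts the forged request. As an added example (not code from the Palo Alto Networks reference or from appsec.fyi), the block below shows that vulnerable handler beside one that also requires a session-bound anti-CSRF token and checks the Origin header; the session table, the site origin `https://bank.example`, the server key and the request dictionaries are constructed assumptions.

```python
"""Cross-site request forgery: a state-changing endpoint that trusts the
session cookie alone, beside one that also demands a session-bound
anti-CSRF token and checks the Origin header. Added example, not code from
the Palo Alto Networks CSRF reference; the session table, site origin and
request shapes are constructed for illustration."""
import hashlib
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"      # assumed origin of the application
SERVER_SECRET = secrets.token_bytes(32)   # assumed per-deployment key, never sent to clients
SESSIONS = {"c0ffee": "alice"}            # constructed: session cookie value -> user


def issue_csrf_token(session_cookie):
    """Synchronizer-style token: nonce.HMAC(secret, session || nonce).
    Bound to the session, so a token lifted from another session is useless,
    and verifiable without server-side storage."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_cookie}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_cookie, token):
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_cookie}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def transfer_vulnerable(req):
    """Authorizes on the cookie alone: the browser sends the cookie with a
    cross-site form post too, so the forged request is accepted."""
    user = SESSIONS.get(req["cookies"].get("session"))
    if user is None:
        return {"status": 401}
    return {"status": 200, "from": user, "to": req["form"]["to"], "amount": req["form"]["amount"]}


def transfer(req):
    """Hardened: same-origin check on Origin (falling back to Referer), then a
    token the attacker's page can neither read nor forge."""
    cookie = req["cookies"].get("session")
    user = SESSIONS.get(cookie)
    if user is None:
        return {"status": 401}
    origin = req["headers"].get("Origin")
    if origin is None and "Referer" in req["headers"]:
        origin = "/".join(req["headers"]["Referer"].split("/")[:3])  # scheme://host[:port]
    if origin is not None and origin != SITE_ORIGIN:
        return {"status": 403, "reason": "cross-origin request"}
    if not verify_csrf_token(cookie, req["form"].get("csrf_token")):
        return {"status": 403, "reason": "missing or invalid CSRF token"}
    return {"status": 200, "from": user, "to": req["form"]["to"], "amount": req["form"]["amount"]}


def make_request(origin, form, session="c0ffee"):
    """Constructed request. The session cookie is attached in both the
    legitimate and the cross-site case, exactly as a browser would."""
    headers = {} if origin is None else {"Origin": origin}
    return {"headers": headers, "cookies": {"session": session}, "form": dict(form)}


if __name__ == "__main__":
    token = issue_csrf_token("c0ffee")
    legit = make_request(SITE_ORIGIN, {"to": "bob", "amount": 50, "csrf_token": token})
    forged = make_request("https://evil.example", {"to": "mallory", "amount": 5000})
    print("vulnerable accepts forged post:", transfer_vulnerable(forged))
    print("hardened rejects forged post:", transfer(forged))
    print("hardened accepts legitimate post:", transfer(legit))
```

A request with neither Origin nor Referer still has to present a valid token, so the token is the control and the origin check is a cheap early reject. Marking the session cookie `SameSite=Lax` (or `Strict`) stops the browser attaching it to most cross-site posts in the first place, but does not replace the token on endpoints that must also serve older clients.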
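The SSRF entry above stresses the cloud-native case, where the most valuable target of a server-side fetch is not the public internet but the instance metadata service and other internal addresses. As an added example (not code from the Palo Alto Networks reference or from appsec.fyi), the block below validates a user-supplied URL before the application fetches it: scheme and port allowlists, no credentials in the authority, and every resolved address checked against non-public ranges, including the IPv4-mapped IPv6 form. The allowed schemes and ports, and the small DNS table used in the checks, are constructed assumptions; the resolver is injectable so the block runs offline.

```python
"""Outbound URL validation for an application that fetches user-supplied
URLs. Added example, not code from the Palo Alto Networks SSRF reference;
the allowed schemes/ports and the constructed DNS table in the checks are
assumptions for illustration."""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class UnsafeURL(ValueError):
    pass


def _default_resolve(host):
    """All addresses a hostname resolves to (A and AAAA), as strings."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _is_public(ip):
    addr = ipaddress.ip_address(ip)
    # IPv4-mapped IPv6 (::ffff:127.0.0.1) would otherwise hide a loopback or RFC 1918 target.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # is_global rejects loopback, RFC 1918, link-local (169.254.0.0/16, where cloud
    # metadata services live), CGNAT, unspecified and reserved ranges.
    return addr.is_global and not addr.is_multicast


def validate_outbound_url(url, resolve=_default_resolve):
    """Return the host, port and resolved addresses the fetcher may connect to,
    or raise UnsafeURL. The fetcher must connect to one of the returned IPs
    rather than re-resolving the name, and must not follow redirects without
    re-validating each hop; otherwise DNS rebinding or a redirect chain
    bypasses this check."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL")  # e.g. http://trusted.example@10.0.0.1/
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    try:
        port = parts.port
    except ValueError:
        raise UnsafeURL("malformed port")
    port = port or (443 if scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise UnsafeURL(f"port not allowed: {port}")
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal address: no DNS lookup
    except ValueError:
        ips = resolve(host)
    if not ips:
        raise UnsafeURL(f"unresolvable host: {host}")
    blocked = [ip for ip in ips if not _is_public(ip)]
    if blocked:
        raise UnsafeURL(f"{host} resolves to non-public address(es): {blocked}")
    return {"host": host, "port": port, "ips": ips}


def is_safe_url(url, resolve=_default_resolve):
    try:
        validate_outbound_url(url, resolve)
        return True
    except UnsafeURL:
        return False


# Constructed DNS table so the checks below run without network access.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.test": ["93.184.216.34", "10.0.0.5"],  # one public, one internal answer
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for candidate in ("https://example.com/report?id=7", "http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:127.0.0.1]/", "http://example.com@localhost/", "http://rebind.test/"):
        print(candidate, "->", "allowed" if is_safe_url(candidate, fake_resolve) else "blocked")
```

A host that returns both a public and an internal address is rejected outright, because the fetcher cannot know which answer it will get on the next lookup. The stronger pattern in production is an egress proxy or a network policy that denies the application any route to the metadata endpoint and internal ranges, with this validation as the application-layer check in front of it.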