The API returns sensitive data to the client by design. This data is usually filtered on the client side before being presented to the user. An attacker can easily sniff the traffic and see the sensitive data. Understanding Excessive Data Exposure Bug When an API endpoint returns more data than is required or meant for […]

Welcome back, HackingBlogs readers and fellow API security enthusiasts! Day 2 of our API hacking course begins today, digging deeply into Broken Object Level Authorization (BOLA), one of the most important and frequently abused vulnerabilities. We’ll go over what BOLA is, why it’s a major risk to APIs, and how attackers usually take advantage of

Hi everyone in the HackingBlogs community!Your trainer, Dipanshu Kumar, is here. I started API-HACKING BOOTCAMP where i went into the topic of API security a few weeks ago when I gave a free API Hacking Masterclass. Although I am aware that some of you were unable to attend the live session, the feedback I received

< Greetings, HackingBlogs community! / > I’m back with another interesting article , and now we’re looking into details about a anonymous and unidentified hacker/hacker group . Sensitive information on some of the most well-known ransomware groups and hackers in the world has been leaked by this person. In addition to names and aliases, GangExposed

Hi, HACKINGBLOGS Community, This is Dipanshu Kumar.Don’t worry, the articles are back and regular! I know you’ve missed me! However, this one is quite significant. I’ll be analyzing some startling CYBLE research today, which found 20 fake apps that are actually Crypto Keys stealers rather than apps. Let’s get started immediately! Additionally, remember to share

What tools are definitely necessary for someone who is deeply involved in hacking, I’ve been wondering. The best part? All of these tools have been used by me personally. Now, this is a Know The Tools guide, so don’t believe a deep dive or a comprehensive “how-to-use” tutorial. However, you can be sure that I

May 30, 2025 | By Dipanshu Kumar HACKINGBLOGS The major data breach that affected over 364,000 people was revealed by data broker giant LexisNexis Risk Solutions in an unexpected way in LexisNexis data breach. On Christmas Day 2024, hackers took extremely sensitive personal information. It was not until an anonymous tip reached LexisNexis on April

Hi everyone, this is Dipanshu Kumar from Hackingblogs.com I’m going into a critical finding made by Trend Micro today. Trend Micro recently discovered a terrifying new campaign that isn’t taking place in shady emails or hidden forums. On TikTok, it’s taking place right in front of you. Yes, you read correctly. Ignore sketchy downloads and

Your login information may already be in the hands of cybercriminals if you have ever used Facebook, Instagram, Microsoft, Snapchat, Google, or even Roblox. In what experts are describing as the worst infostealer malware data breach 2025, a shocking 184 MILLION usernames and passwords were discovered fully exposed online. What’s the craziest part of infostealer

By Dipanshu Kumar HackingBlogs – May 17, 2025 | 5 min read The Metasploit 6.4.64 RCE Privilege Escalation Exploits 2025 update demands immediate attention from security researchers, pentesters, and bug bounty hunters. Highlights at a Glance: The popular offensive security framework used by red teamers and ethical hackers, Metasploit, recently received a major update that