HomeCybersecurityArticle
Cyber · InfoQ.com

A Trailing Slash Bypassed AWS API Gateway Authorization

By Steef-Jan WiggersJune 1, 2026 · 1 min read

A security researcher found that adding a trailing slash to AWS HTTP API paths bypassed Lambda authorizer authentication entirely, enabling unauthenticated wire transfers at a fintech. The root cause is a path normalization mismatch between HTTP API's greedy …

Security researcher Piyush Gupta discovered that adding a trailing slash to API paths on AWS HTTP API, the newer and cheaper variant of API Gateway, could bypass Lambda authorizer authentication enti…

Cybersecurity
Cyber · InfoQ.com
The Sovereign Post
■ More from Cybersecurity
Cyber · The Next Web
A WordPress plugin sold to 15,000 sites has a flaw that lets anyone create an admin account, and attackers are already using it
A critical vulnerability in WP Maps Pro, a commercial WordPress plugin with more than 15,000 sales on the Envato Market, is being actively exploited by attackers to create malicious administrator accounts on vulnerable sites. The flaw, tracked as CVE-2026-873…
Darius Popa · June 1, 2026
Cyber · GlobeNewswire
Levi & Korsinsky Reminds Shareholders of a Lead Plaintiff Deadline of June 23, 2026 in Regencell Bioscience Holdings Limited Lawsuit - RGC
Were Regencell's Boilerplate Risk Warnings Adequate? Lawsuit Alleges $14 Billion Company Used Generic Volatility Disclaimers to Mask Specific Market Manipulation Vulnerability Were Regencell's Boilerplate Risk Warnings Adequate? Lawsuit Alleges $14 Billion Co…
Levi & Korsinsky, LLP · June 1, 2026
Cyber · GlobeNewswire
AVAV Shareholder Alert: July 27, 2026 Lead Plaintiff Deadline in AeroVironment, Inc. Securities Class Action - Contact Levi & Korsinsky
Important Notice Regarding Alleged Misrepresentations About AeroVironment's SCAR Program Competitive Risks and Single-Vendor Contract Vulnerability Important Notice Regarding Alleged Misrepresentations About AeroVironment's SCAR Program Competitive Risks and …
Levi & Korsinsky, LLP · June 1, 2026
Cyber · Alltoc.com
Why did Meta fix Instagram email-change exploit? #tech
Meta fixed a chatbot linked Instagram email issue Hackers claimed they used Meta’s AI support chatbot to change the email addresses attached to Instagram accounts, during a period when high profile account takeovers were widespread. Meta responded by addressi…
AllToc · June 1, 2026