The Next Web

Hackers are mass-exploiting a Gravity SMTP flaw to steal API keys from 100,000 WordPress sites

Wordfence has blocked 17M+ exploit attempts targeting a Gravity SMTP bug that leaks API keys, OAuth tokens, and full system reports without authentication.

Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next

SearchLeak and a three-CVE LiteLLM chain broke the same AI trust boundary in two weeks. A 5-check audit maps each gap to a ...
InfoQ

Ky 2.0 Fetch API Wrapper with Revamped Hooks, Smarter Timeouts, and Built-In Schema Validation

Ky 2.0 is an open-source JavaScript HTTP client built on the Fetch API, featuring significant updates such as consolidated ...
Developer Tech

JetBrains marketplace malware exposes developer API keys

Security researchers identified a coordinated malware campaign within the JetBrains Marketplace designed to exfiltrate ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
cybernews

Google Cloud developers going bankrupt over Gemini API key abuse: hard spending caps now available

Developers and startup founders on social media are sharing stories of being hit with devastating Google Cloud charges totaling dozens of thousands of dollars due to unauthorized Gemini API usage.
theregister

Google users fight for refunds as unauthorized API usage bills soar

Several Google Cloud customers say their API keys have been compromised and used by bad actors to run inferencing workloads using the most expensive video and picture models, leaving them with bills ...
Developer Tech

Check Point: AI coding assistants are leaking API keys

Check Point researchers have found that popular AI coding assistants are unintentionally leaking sensitive internal data, including API keys. Standard development environments rely on strict rules. A ...
CoinDesk

Hack at Vercel sends crypto developers scrambling to lock down API keys

Web infrastructure provider Vercel disclosed a security breach that may have exposed customer API keys, prompting crypto projects to rotate credentials and review their code. Vercel traced the ...