API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...

State-backed hackers are using Google's Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions. Bad actors from China (APT31, Temp.HEX), Iran (APT42), North ...

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.

WASHINGTON, Feb 2 (Reuters) - A buzzy new social network where artificial intelligence-powered bots appear to swap code and gossip about their human owners had a major flaw that exposed private data ...

Sophos details how an infostealer – dubbed TamperedChef – found its way into systems via a trojanised PDF editing application called AppSuite PDF Editor Ever heard of EvilAI? It is not a sci-fi movie, ...

API cybersecurity will be a ping pong ball, battered between the rackets of AI-assisted attackers and AI-assisted defenders. SecurityWeek’s Cyber Insights 2026 examines expert opinions on the expected ...

CyberChef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. These operations include simple encoding like XOR and Base64, more complex encryption ...

IBM has released security updates to address a critical IBM API Connect vulnerability that could allow remote attackers to bypass authentication controls and gain unauthorized access to affected ...

As organizations accelerate cloud-native development, APIs have become a critical attack surface—yet many security teams lack full visibility into how APIs are designed, shared, and deployed.

Artificial intelligence (AI) company OpenAI was impacted by a third-party breach affecting analytics company Mixpanel, exposing “limited” user data. “On November 9, 2025, Mixpanel became aware of an ...

Abstract: The adversarial example presents new security threats to trustworthy detection systems. In the context of evading dynamic detection based on API call sequences, a practical approach involves ...