The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
Bleeping Computer

Latest API Key news

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Close to 12,000 valid secrets that ...
Opinion
Security BoulevardOpinion

Why Traditional IAM Is No Match for Agentic AI

Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post Why Traditional IAM Is No Match for Agentic AI appeared ...
AMBCrypto

‘Significantly accelerated by AI’ – Vercel breach adds to April’s crypto attack wave

How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...

Vercel breach exposes the OAuth gap most security teams cannot detect, scope or contain

A Vercel employee's AI tool OAuth grant gave attackers access to internal systems via a four-hop kill chain. Here's what ...
Security

Salt Security enhances API security platform with OAuth protection package

PALO ALTO, Calif., April 25, 2024 -- Salt Security today announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...

Google Ads API to require multi-factor authentication

Google’s new MFA requirement for the Ads API strengthens security but may require advertisers to adjust authentication ...