The Hacker News

Toxic Combinations: When Cross-App Permissions Stack into Risk

Toxic combinations form when AI agents, integrations, or OAuth grants bridge SaaS apps into trust relationships no single ...
Cryptopolitan on MSN

More users enter impact radius of Vercel exploit

The April 2026 Vercel security incident continues to extend past initial claims. The incident, which was said to involve what ...
Bleeping Computer

Latest API Key news

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI assistant and access private data. Close to 12,000 valid secrets that ...
Opinion
Security BoulevardOpinion

Why Traditional IAM Is No Match for Agentic AI

Legacy IAM can't govern autonomous AI agents that spin up, execute and terminate in seconds. New identity patterns are now emerging. The post Why Traditional IAM Is No Match for Agentic AI appeared ...

Learning from the Vercel breach: Shadow AI & OAuth sprawl

A single third-party OAuth integration can become a direct path into your environment. Push explains how the Vercel breach ...
Security

Salt Security enhances API security platform with OAuth protection package

PALO ALTO, Calif., April 25, 2024 -- Salt Security today announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities ...
AMBCrypto

‘Significantly accelerated by AI’ – Vercel breach adds to April’s crypto attack wave

How API keys of multiple Vercel customers led to the compromise of Vercel's environment variables marked as “sensitive.” ...
Threat Post

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of ...