Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

The module targets Claude Code, Claude Desktop, Cursor, Microsoft Visual Studio Code (VS Code) Continue, and Windsurf. It also harvests API keys for nine large language models (LLM) providers: ...
InfoWorld

New npm worm hits CI pipelines and AI coding tools

Researchers warn malicious packages can harvest secrets, weaponize CI systems, and spread across projects while carrying a dormant wipe mechanism.
InfoQ

Cilium at Ten Years: Stronger Encryption, Safer Policies, and Clearer Visibility for Large Clusters

Cilium 1.19 has been released, marking ten years of development for the eBPF-based networking and security project. There isn’t a flagship feature in this release; instead, it focuses on security ...

ATMs are getting hacked the old-fashioned way: with keys and USB drives

Banks across the United States are grappling with a wave of physical malware attacks on their ATMs, according to a new cybersecurity alert from the Federal ...
Poynter

Digital Tools for Journalism

Tools make our journalism more powerful. They unleash our storytelling potential, unlock secrets in data, and help us share stories in new and compelling ways. As newsroom ranks and audience attention ...
Infosecurity-magazine.com

Infosecurity Magazine

Subscribe to our weekly newsletter for the latest in industry news, expert insights, dedicated information security content and online events.