cybernews

Google cracks down on unrestricted API keys to stop Gemini billing hackers

Changes prevent malicious hackers from causing massive unauthorized cloud bills. For years, Google told developers that Google API keys, used for Maps, Firebase ar other services, were not secrets.
The Hacker News

Malicious JetBrains Plugins Steal AI API Keys as Chrome Extensions Capture Chatbot Chats

Researchers found 15 malicious JetBrains plugins posing as AI coding tools that exfiltrate OpenAI, DeepSeek, and SiliconFlow ...

The Hidden Complexity In AI Infrastructure: Why Credentials Are The Real Attack Surface

The Weaviate incident in 2025 illustrated this clearly. A researcher discovered an exposed OpenAI API key in a public ...

Why Non-Human Identities Are The Fastest-Growing Risk On Your CISO's Radar

The cost story is worse. IBM's Cost of a Data Breach Report puts the global average breach cost at $4.4 million, with ...

Claude Mythos exposed a hard truth: Your enterprise patching process is way too slow

A recent study validated against 28,377 real-world vulnerabilities offers a concrete replacement: A three-layer decision tree ...
theregister

Threat hunters find Google API keys still usable 23 minutes after deletion

You know your Google API key has leaked so you rush to disable it before bad actors can start running up charges on your account. Bad news: According to security researchers at Aikido, people can use ...
Memeburn

China's Claude API Grey Market Sells AI Access at 90% Off — and Your Data Pays the Rest

China's Claude API grey market sells AI access at up to 90% off in 2026 — but your prompts, passwords, and private data may ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
TheServerSide

How to get an OpenAI API key for ChatGPT

The biggest mistake people make when trying to get their ChatGPT API key is that they use the wrong URL. The key can't be found at chatgpt.com. Instead, point your browser to the OpenAI developer ...
CoinDesk

Hack at Vercel sends crypto developers scrambling to lock down API keys

Web infrastructure provider Vercel disclosed a security breach that may have exposed customer API keys, prompting crypto projects to rotate credentials and review their code. Vercel traced the ...